From 9d2cf4f0083879b549f703a90d15ad180e6c51fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Wed, 25 Mar 2020 17:18:14 +0200
Subject: [PATCH] Don't escape HTML in the subject line of notification emails
---
 CHANGELOG.md | 1 +
 hc/api/tests/test_notify.py | 8 ++++++++
 templates/emails/alert-subject.html | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ce5b832..5b69f014 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
 - "Get a single check" API call now supports read-only API keys (#346)
+- Don't escape HTML in the subject line of notification emails
 ## v1.14.0 - 2020-03-23
diff --git a/hc/api/tests/test_notify.py b/hc/api/tests/test_notify.py
index 0b64fa4d..c4054d01 100644
--- a/hc/api/tests/test_notify.py
+++ b/hc/api/tests/test_notify.py
@@ -345,6 +345,14 @@ class NotifyTestCase(BaseTestCase):
 self.assertEqual(Notification.objects.count(), 0)
 self.assertEqual(len(mail.outbox), 0)
+ def test_email_handles_amperstand(self):
+ self._setup_data("email", "alice@example.org")
+ self.check.name = "Foo & Bar"
+ self.channel.notify(self.check)
+
+ email = mail.outbox[0]
+ self.assertEqual(email.subject, "DOWN | Foo & Bar")
+
 @patch("hc.api.transports.requests.request")
 def test_pd(self, mock_post):
 self._setup_data("pd", "123")
diff --git a/templates/emails/alert-subject.html b/templates/emails/alert-subject.html
index 299e02c9..a4ea9b14 100644
--- a/templates/emails/alert-subject.html
+++ b/templates/emails/alert-subject.html
@@ -1,2 +1,2 @@
-{{ check.status|upper }} | {{ check.name_then_code }}
+{{ check.status|upper }} | {{ check.name_then_code|safe }}
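Review bot: test_email_handles_amperstand in hc/api/tests/test_notify.py pins only the subject, so nothing in the hunk guards the other half of this change's contract: that the check name is still escaped wherever the same email renders it as HTML. If the message carries an HTML alternative (not visible in this hunk), an assertion along the lines of `self.assertIn("Foo &amp; Bar", email.alternatives[0][0])` would catch an unescaped name reaching the body. The method name also misspells "ampersand"; `def test_email_handles_ampersand(self):` keeps the test easy to find.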
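Review bot: `|safe` in templates/emails/alert-subject.html marks the user-supplied check name as trusted markup, which is a stronger statement than this plain-text Subject header needs and stays attached to the expression if the template is ever included in HTML output. Switching escaping off for the template states the intent without vouching for the value: `{% autoescape off %}{{ check.status|upper }} | {{ check.name_then_code }}{% endautoescape %}`. The code that renders this template and builds the message is outside the patch, so it is worth confirming there that the rendered subject is used only as the header and never interpolated into the HTML body. It is also worth checking how a check name containing CR or LF is handled, since Django's mail classes reject multi-line header values with BadHeaderError and the notification would presumably fail rather than be sent.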