From 26c8903c9eb372138fbce9df53ab507dc6c8f47b Mon Sep 17 00:00:00 2001 From: Leandro Nunes dos Santos Date: Tue, 5 Jul 2016 13:24:09 -0300 Subject: [PATCH] trust in html code generated for emails --- app/mailers/contact.rb | 4 ++-- app/mailers/environment_mailing.rb | 2 +- app/mailers/mailing.rb | 4 ++-- app/mailers/organization_mailing.rb | 2 +- app/mailers/pending_task_notifier.rb | 4 ++-- app/mailers/scrap_notifier.rb | 4 ++-- app/mailers/task_mailer.rb | 6 +++--- app/mailers/user_mailer.rb | 14 +++++++------- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/app/mailers/contact.rb b/app/mailers/contact.rb index f3dc426..3eec193 100644 --- a/app/mailers/contact.rb +++ b/app/mailers/contact.rb @@ -47,8 +47,8 @@ class Contact content_type: 'text/html', to: contact.dest.notification_emails, reply_to: contact.email, - subject: "[#{contact.dest.short_name(30)}] " + contact.subject, - from: "#{contact.name} <#{contact.dest.environment.noreply_email}>" + subject: "[#{contact.dest.short_name(30)}] #{contact.subject,}".html_safe, + from: "#{contact.name} <#{contact.dest.environment.noreply_email}>".html_safe } if contact.sender diff --git a/app/mailers/environment_mailing.rb b/app/mailers/environment_mailing.rb index a1c2721..6141e84 100644 --- a/app/mailers/environment_mailing.rb +++ b/app/mailers/environment_mailing.rb @@ -30,7 +30,7 @@ class EnvironmentMailing < Mailing end def signature_message - _('Sent by %s.') % source.name + _('Sent by %s.').html_safe % source.name end def url diff --git a/app/mailers/mailing.rb b/app/mailers/mailing.rb index c6ad8cf..2c13be8 100644 --- a/app/mailers/mailing.rb +++ b/app/mailers/mailing.rb @@ -23,11 +23,11 @@ class Mailing < ApplicationRecord end def generate_from - "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>" + "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>".html_safe end def generate_subject - '[%s] %s' % [source.name, subject] + '[%s] %s'.html_safe % [source.name, subject] end def signature_message diff --git a/app/mailers/organization_mailing.rb b/app/mailers/organization_mailing.rb index a9fd5cc..4c8233c 100644 --- a/app/mailers/organization_mailing.rb +++ b/app/mailers/organization_mailing.rb @@ -30,7 +30,7 @@ class OrganizationMailing < Mailing end def signature_message - _('Sent by community %s.') % source.name + _('Sent by community %s.').html_safe % source.name end include Rails.application.routes.url_helpers diff --git a/app/mailers/pending_task_notifier.rb b/app/mailers/pending_task_notifier.rb index 4fd637b..501339b 100644 --- a/app/mailers/pending_task_notifier.rb +++ b/app/mailers/pending_task_notifier.rb @@ -12,8 +12,8 @@ class PendingTaskNotifier < ApplicationMailer mail( to: person.email, - from: "#{person.environment.name} <#{person.environment.noreply_email}>", - subject: _("[%s] Pending tasks") % person.environment.name + from: "#{person.environment.name} <#{person.environment.noreply_email}>".html_safe, + subject: _("[%s] Pending tasks").html_safe % person.environment.name ) end diff --git a/app/mailers/scrap_notifier.rb b/app/mailers/scrap_notifier.rb index 13d9a50..cb711e3 100644 --- a/app/mailers/scrap_notifier.rb +++ b/app/mailers/scrap_notifier.rb @@ -14,8 +14,8 @@ class ScrapNotifier < ApplicationMailer @url = sender.environment.top_url mail( to: receiver.email, - from: "#{sender.environment.name} <#{sender.environment.noreply_email}>", - subject: _("[%s] You received a scrap!") % [sender.environment.name] + from: "#{sender.environment.name} <#{sender.environment.noreply_email}>".html_safe, + subject: _("[%s] You received a scrap!").html_safe % [sender.environment.name] ) end end diff --git a/app/mailers/task_mailer.rb b/app/mailers/task_mailer.rb index ed7801e..ad7a091 100644 --- a/app/mailers/task_mailer.rb +++ b/app/mailers/task_mailer.rb @@ -14,7 +14,7 @@ class TaskMailer < ApplicationMailer mail( to: task.target.notification_emails.compact, from: self.class.generate_from(task), - subject: "[%s] %s" % [task.environment.name, task.target_notification_description] + subject: "[%s] %s".html_safe % [task.environment.name, task.target_notification_description] ) end @@ -27,7 +27,7 @@ class TaskMailer < ApplicationMailer mail( to: task.friend_email, from: self.class.generate_from(task), - subject: '[%s] %s' % [ task.requestor.environment.name, task.target_notification_description ] + subject: '[%s] %s'.html_safe % [ task.requestor.environment.name, task.target_notification_description ] ) end @@ -43,7 +43,7 @@ class TaskMailer < ApplicationMailer mail_with_template( to: task.requestor.notification_emails, from: self.class.generate_from(task), - subject: '[%s] %s' % [task.requestor.environment.name, task.target_notification_description], + subject: '[%s] %s'.html_safe % [task.requestor.environment.name, task.target_notification_description], email_template: task.email_template, template_params: {:environment => task.requestor.environment, :task => task, :message => @message, :url => @url, :requestor => task.requestor} ) diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 65f8ced..d983cfc 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -13,8 +13,8 @@ class UserMailer < ApplicationMailer mail( to: user_email, - from: "#{user.environment.name} <#{user.environment.contact_email}>", - subject: _("[%{environment}] Welcome to %{environment} mail!") % { :environment => user.environment.name } + from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe, + subject: _("[%{environment}] Welcome to %{environment} mail!").html_safe % { :environment => user.environment.name } ) end @@ -30,7 +30,7 @@ class UserMailer < ApplicationMailer mail_with_template( from: "#{user.environment.name} <#{user.environment.contact_email}>", to: user.email, - subject: _("[%s] Activate your account") % [user.environment.name], + subject: _("[%s] Activate your account").html_safe % [user.environment.name], template_params: {:environment => user.environment, :activation_code => @activation_code, :redirection => @redirection, :join => @join, :person => user.person, :url => @url}, email_template: user.environment.email_templates.find_by_template_type(:user_activation), ) @@ -44,8 +44,8 @@ class UserMailer < ApplicationMailer mail( content_type: 'text/html', to: user.email, - from: "#{user.environment.name} <#{user.environment.contact_email}>", - subject: email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject, + from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe, + subject: email_subject.blank? ? _("Welcome to environment %s").html_safe % [user.environment.name] : email_subject, body: @body ) end @@ -63,8 +63,8 @@ class UserMailer < ApplicationMailer mail( content_type: 'text/html', to: user.email, - from: "#{user.environment.name} <#{user.environment.contact_email}>", - subject: _("[%s] What about grow up your network?") % user.environment.name + from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe, + subject: _("[%s] What about grow up your network?").html_safe % user.environment.name ) end -- libgit2 0.21.2