Allow custom HTML in HTML Emails #8026
Conversation
nickvergessen
added
enhancement
3. to review
|
Then we need to check if all callers properly escape this and document this in the PHPDoc of the method, but I'm fine with that to not clutter the API even more. |
Codecov Report
@@ Coverage Diff @@
## master #8026 +/- ##
============================================
- Coverage 51.69% 51.69% -0.01%
Complexity 25395 25395
============================================
Files 1599 1599
Lines 95114 95120 +6
Branches 1377 1377
============================================
+ Hits 49167 49168 +1
- Misses 45947 45952 +5
|
|
Mmmm yes. lets do it like this for now we can always improve later. |
|
@MorrisJobke can you generate a list for the appstore submissions? |
What do you mean by that? |
|
which apps are using that method and might need adjustment |
|
|
|
Hmm while looking into a patch for the calendar, I realize why a parameter or second method would be better: // before
$emailTemplate->addBodyText($this->l10n->t('We wanted to inform you that %s has published the calendar »%s«.', [$displayName, $calendarName]));
// after
$emailTemplate->addBodyText(
htmlspecialchars($this->l10n->t('We wanted to inform you that %s has published the calendar »%s«.', [$displayName, $calendarName])),
$this->l10n->t('We wanted to inform you that %s has published the calendar »%s«.', [$displayName, $calendarName])
);basically we need to touch all usages of those methods which use fallback Or we automatically encode when plain is the fallback, because that means you want to display the same string and there should not be HTML inside, so we need to special char it. |
I'm fine with that. You need to provide the HTML and the plain text separately. If you want to put HTML in there it should also not present in the plain text (or at least in a different way). So this is okay. Let's go for the "two strings needs to be passed" method I would say. |
Signed-off-by: Joas Schilling <coding@schilljs.com>
I think a fallback makes sense here - use the text for both and escape the html if only one string is provided. |
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen
force-pushed
the
feature/noid/allow-custom-html-in-html-emails
branch
from
8a9089f to
339e320
Compare
That's what we do now, I talked to morris a bit more and explained the use cases. |
| @@ -420,7 +420,7 @@ protected function ensureBodyIsOpened() { | |||
| /** | |||
| * Adds a paragraph to the body of the email | |||
| * | |||
| * @param string $text | |||
| * @param string $text Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email | |||
There was a problem hiding this comment.
Please put this also in the public interface ;)
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen
deleted the
feature/noid/allow-custom-html-in-html-emails
branch
We need to allow custom HTML, so e.g. the activity app can link file names to the file in the web view.
Currently that is not possible because all HTML is escaped.
The question is if we want to do it the simple way like this, or if we want to add a flag/new method that does not automatically-escape the input.