Closed Bug 826323 Opened 12 years ago Closed 11 years ago

don't encode quotes as utf8 html entities in emails sent from the contribute page

Categories

(www.mozilla.org :: Bedrock, defect)

Product:
www.mozilla.org
Component:
Bedrock
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: pascalc, Assigned: dpoirier)

References

(Blocks 1 open bug)

Details

(Whiteboard: [kb=1024042] ) 

The emails sent from the contribute page are escaped with quotes encoded as entities by email, that makes the messages hard to read for people that answer those messages, /ex I received:

J'adore le ''Renard de feu''

instead of:
J'adore le ''Renard de feu''

Thanks
Mike - which workflow do you want to put this one in?  Thx.
Flags: needinfo?(malexis)
adding to mozilla.org kanban board
Flags: needinfo?(malexis)
Priority: -- → P3
We need to be careful here.

The data we're putting in the messages is supplied by the users, correct? If we put it into an email without escaping it, and the recipient views the email in a browser, and the user had put something nasty into the data, that could be bad.

We might be able to find a way to escape any markup in the data, without transforming Unicode characters into HTML entities.
We are not dealing with html here, we are dealing with emails sent as plain text:
Content-Type: text/plain; charset="utf-8"

Putting html entities in data that is *not* html is the bug.
Then it sounds like it would be acceptable to just strip anything that looks like markup from the user input, which would make it safe to turn off whatever is trying to apply escaping to the message.  Agree?
totaAgreed, we just want to receive plain text. Thanks
Priority: P3 → --
Whiteboard: [kb=1024042]
Assignee: nobody → dpoirier
Commits pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/82d123b09f1481135a5a26a612e800c564d995c8
Bug 826323 - Don't HTML-escape the text in contribute emails

https://github.com/mozilla/bedrock/commit/734616fb1bc33e1db161c27296e4182574bd0d1a
Merge pull request #1114 from dpoirier/bug-826323-dont-encode-contribute-emails

Bug 826323 - Don't HTML-escape the text in contribute emails
fixed on  stage
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Adding pmartins so he's aware of this change in case it influences any processing he is doing to take data from these email for the arewegrowingyet.com dashboard.
You need to log in before you can comment on or make changes to this bug.