The emails sent from the contribute page are escaped with quotes encoded as entities by email, that makes the messages hard to read for people that answer those messages, /ex I received: J'adore le ''Renard de feu'' instead of: J'adore le ''Renard de feu'' Thanks
Mike - which workflow do you want to put this one in? Thx.
adding to mozilla.org kanban board
Priority: -- → P3
We need to be careful here. The data we're putting in the messages is supplied by the users, correct? If we put it into an email without escaping it, and the recipient views the email in a browser, and the user had put something nasty into the data, that could be bad. We might be able to find a way to escape any markup in the data, without transforming Unicode characters into HTML entities.
We are not dealing with html here, we are dealing with emails sent as plain text: Content-Type: text/plain; charset="utf-8" Putting html entities in data that is *not* html is the bug.
Then it sounds like it would be acceptable to just strip anything that looks like markup from the user input, which would make it safe to turn off whatever is trying to apply escaping to the message. Agree?
totaAgreed, we just want to receive plain text. Thanks
Pull request opened: https://github.com/mozilla/bedrock/pull/1114
Commits pushed to master at https://github.com/mozilla/bedrock https://github.com/mozilla/bedrock/commit/82d123b09f1481135a5a26a612e800c564d995c8 Bug 826323 - Don't HTML-escape the text in contribute emails https://github.com/mozilla/bedrock/commit/734616fb1bc33e1db161c27296e4182574bd0d1a Merge pull request #1114 from dpoirier/bug-826323-dont-encode-contribute-emails Bug 826323 - Don't HTML-escape the text in contribute emails
fixed on stage
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Adding pmartins so he's aware of this change in case it influences any processing he is doing to take data from these email for the arewegrowingyet.com dashboard.
You need to log in before you can comment on or make changes to this bug.