don't encode quotes as utf8 html entities in emails sent from the contribute page

RESOLVED FIXED

Status

www.mozilla.org
Bedrock
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: pascalc, Assigned: dpoirier)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [kb=1024042] )

(Reporter)

Description

5 years ago
The emails sent from the contribute page are escaped with quotes encoded as entities by email, that makes the messages hard to read for people that answer those messages, /ex I received:

J'adore le ''Renard de feu''

instead of:
J'adore le ''Renard de feu''

Thanks

Updated

5 years ago
Duplicate of this bug: 846997
Mike - which workflow do you want to put this one in?  Thx.
Flags: needinfo?(malexis)
adding to mozilla.org kanban board
Flags: needinfo?(malexis)
Priority: -- → P3
(Assignee)

Comment 4

5 years ago
We need to be careful here.

The data we're putting in the messages is supplied by the users, correct? If we put it into an email without escaping it, and the recipient views the email in a browser, and the user had put something nasty into the data, that could be bad.

We might be able to find a way to escape any markup in the data, without transforming Unicode characters into HTML entities.
(Reporter)

Comment 5

5 years ago
We are not dealing with html here, we are dealing with emails sent as plain text:
Content-Type: text/plain; charset="utf-8"

Putting html entities in data that is *not* html is the bug.
(Assignee)

Comment 6

5 years ago
Then it sounds like it would be acceptable to just strip anything that looks like markup from the user input, which would make it safe to turn off whatever is trying to apply escaping to the message.  Agree?
(Reporter)

Comment 7

5 years ago
totaAgreed, we just want to receive plain text. Thanks

Updated

5 years ago
Priority: P3 → --
Whiteboard: [kb=1024042]
(Assignee)

Updated

5 years ago
Assignee: nobody → dpoirier
(Assignee)

Comment 8

5 years ago
Pull request opened: https://github.com/mozilla/bedrock/pull/1114

Comment 9

5 years ago
Commits pushed to master at https://github.com/mozilla/bedrock

https://github.com/mozilla/bedrock/commit/82d123b09f1481135a5a26a612e800c564d995c8
Bug 826323 - Don't HTML-escape the text in contribute emails

https://github.com/mozilla/bedrock/commit/734616fb1bc33e1db161c27296e4182574bd0d1a
Merge pull request #1114 from dpoirier/bug-826323-dont-encode-contribute-emails

Bug 826323 - Don't HTML-escape the text in contribute emails
fixed on  stage
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 11

5 years ago
Adding pmartins so he's aware of this change in case it influences any processing he is doing to take data from these email for the arewegrowingyet.com dashboard.
You need to log in before you can comment on or make changes to this bug.