V8-archive: Twig rendering not accepting <br/> or <p>

Created on 18 Mar 2019 · 9 Comments · Source: directus/v8-archive

Bug Report

Steps to Reproduce

  1. Post to the /[project]/mail endpoint as described on:
  2. Use this data:
{
  "to": [
    {"[email protected]"}
  ],
  "subject": "New Password",
  "body": "Hello <b>{{name}}</b>, this is your new password: <br /><br />{{password}}.",
  "type": "html",
  "data": {
    "name": "John Doe",
    "password": "secret"
  }
}
  3. Check your email

Expected Behavior

There should be line breaks in the email

Actual Behavior

The bold tags are rendered. The line breaks are missing

Other Context & Screenshots

Used both {{ body | raw }} and autoescape false

Email as shown in Gmail:
[Screenshot 2019-03-18 at 19 04 31]

Technical Details

  • Device: Desktop, Chrome latest
  • OS: macOS latest
  • Web Server: Apache 2.4
  • PHP Version: 7.2
  • Database: 5.6
  • Install Method: api standalone master

All 9 comments

OK, I guess this has to do with this code: https://github.com/directus/api/blob/master/src/helpers/mail.php#L81 where the content is sanitized.

And the list of tags allowed here:
https://github.com/directus/api/blob/master/src/helpers/mail.php#L97

Maybe make this configurable?

Or we can extend the list of safe HTML tags. I don't think this is something that users need to configure or think about most of the time. Adding this as a configuration option will only introduce more confusion as to what needs to be configured 🙂

I totally agree, I can make a PR with some added tags:

p
br
h2
h3
h4
hr

More / less tags?

That looks like a good additional set! I don't think you can safely use any other "fancy" html elements in emails anyway, so this should already open up the email templating enough I think

I'll submit a PR asap.

Thanks!

I just was looking at some boilerplate email templates - and one almost has to permit table, because they're frequently used for the positioning in email templates.

'b', 'i', 'a', 'p', 'br', 'hr', 'button', 'h1', 'h2', 'h3', 'h4', 'h5', 'table', 'thead', 'tbody', 'tfoot', 'th', 'tr', 'td'

Agreed. Will take that into account when submitting the PR.

On Wed, 20 Mar 2019 at 18:12, Martin Zeitler <[email protected]> wrote:

I just was looking at some boilerplate email templates - and one almost
has to permit table, because they're frequently used for the positioning
in email templates.

'b', 'i', 'a', 'p', 'br', 'hr', 'button', 'h1', 'h2', 'h3', 'h4', 'h5', 'table', 'thead', 'tbody', 'tfoot', 'th', 'tr', 'td'

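Why `<b>` came through while `<br />` did not, and what widening the list does and does not cover, as an added example that is not Directus code. It assumes the sanitizer is a tag allowlist and models it with PHP's `strip_tags()`; the constants, function names and sample bodies are constructed here.

```php
<?php
// Added example (not Directus code). Assumption: the mail helper sanitizes the
// body with a tag allowlist, modelled here with PHP's strip_tags().

const NARROW = '<b><i><a>'; // constructed: a list without <br> or <p>
const THREAD = '<b><i><a><p><br><hr><button><h1><h2><h3><h4><h5>'
             . '<table><thead><tbody><tfoot><th><tr><td>'; // tags named in the thread

// Step 1: drop every tag not on the allowlist. '<br>' also matches <br/> and <br />.
function allow_tags(string $html, string $allowed): string
{
    return strip_tags($html, $allowed);
}

// Step 2: strip_tags() keeps all attributes on allowed tags, so remove them,
// re-adding only an http(s)/mailto href on <a>.
function drop_attributes(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // keep parser warnings on fragments quiet
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper
    foreach ($root->getElementsByTagName('*') as $el) {
        $href = $el->nodeName === 'a' ? trim($el->getAttribute('href')) : '';
        while ($el->attributes->length > 0) {
            $el->removeAttribute($el->attributes->item(0)->nodeName);
        }
        if (preg_match('~^(https?://|mailto:)~i', $href)) {
            $el->setAttribute('href', $href);
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child); // serialize the wrapper's children only
    }
    return $out;
}

// Constructed sample bodies.
$report = 'Hello <b>John Doe</b>, this is your new password: <br /><br />secret.';
$markup = '<p onclick="x()">Hi</p><a href="javascript:x()" style="a">link</a>';

echo allow_tags($report, NARROW), "\n";                  // line breaks are stripped
echo allow_tags($report, THREAD), "\n";                  // line breaks survive
echo allow_tags($markup, THREAD), "\n";                  // attributes still present
echo drop_attributes(allow_tags($markup, THREAD)), "\n"; // attributes removed
```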
