Opened 8 years ago

Closed 8 years ago

#4118 closed defect (fixed)

Wrong encoding of certain characters in private messages forwarded to mail

Reported by: Kurt Krampmeier
Owned by: rails-dev@…
Priority: major
Milestone:
Component: website
Version:
Keywords:
Cc:

Description

When using the function to write messages to other users (e. g. <http://www.openstreetmap.org/message/new/Kurt%20Krampmeier>), the system does not correctly forward the messages as an email.

The characters &, ", > and < are encoded as HTML entities, which is obviously wrong in plain text emails. The previous sentence would be displayed as

'The characters &amp;, &quot;, &gt; and &lt; are encoded ...'

Change History (5)

comment:1 Changed 8 years ago by Tom Hughes

Resolution: fixed
Status: new → closed

Fixed - we no longer escape HTML in the text notification emails. Fix will be deployed shortly.

comment:2 Changed 8 years ago by Kurt Krampmeier

Resolution: fixed
Status: closed → reopened

Fix is incomplete. Text of subject is still escaped in mail body. User names might also be affected, if such characters are allowed in user names.

comment:3 Changed 8 years ago by Tom Hughes

Resolution: fixed
Status: reopened → closed

Only the message body allows HTML so this is actually correct.

comment:4 Changed 8 years ago by Kurt Krampmeier

Resolution: fixed
Status: closed → reopened

Right, HTML is not allowed in the subject (and hopefully user names). But since the given characters are still allowed in the subject (and maybe in user names) as normal characters without special meaning, they need to be escaped when displayed on the website. This is right. But they currently are also escaped in the plaintext part of the mail. This is wrong. It has nothing to do with HTML being allowed or not. Just send yourself a message with a subject like '" & < >' and check the plaintext part of the received mail. It will read "[...] has sent you a message through OpenStreetMap with the subject &quot; &amp; &lt; &gt;:"
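The distinction drawn in comment:4, as an added Ruby example that is not part of the ticket or of the OpenStreetMap code base: the same untrusted subject and user name are entity-encoded for the text/html part only, while the text/plain part carries them verbatim. The method names and the `<p>` wrapper are hypothetical; the sentence template is the one quoted in comment:4.

```ruby
require "erb"

# Sentence quoted in comment:4; everything else in this block is hypothetical.
TEMPLATE = "%<from>s has sent you a message through OpenStreetMap " \
           "with the subject %<subject>s:"

# Before: the fields are HTML-escaped once and the escaped strings are reused
# for every MIME part, so the text/plain reader sees "&quot; &amp; ...".
def render_escaped_everywhere(from, subject)
  line = format(TEMPLATE,
                from: ERB::Util.html_escape(from),
                subject: ERB::Util.html_escape(subject))
  { plain: line, html: "<p>#{line}</p>" }
end

# After: encoding is chosen per output context. text/plain has no markup, so
# the raw characters go in unchanged; only text/html is entity-encoded.
def render_per_context(from, subject)
  plain = format(TEMPLATE, from: from, subject: subject)
  html  = format(TEMPLATE,
                 from: ERB::Util.html_escape(from),
                 subject: ERB::Util.html_escape(subject))
  { plain: plain, html: "<p>#{html}</p>" }
end

# Regression check for the text/plain part. It compares against the raw
# rendering instead of grepping for "&amp;", because a user may legitimately
# type the literal text "&amp;" into a subject.
def plain_part_faithful?(parts, from, subject)
  parts[:plain] == format(TEMPLATE, from: from, subject: subject)
end

if __FILE__ == $PROGRAM_NAME
  from = "Kurt Krampmeier"   # constructed sample input
  subject = %q(" & < >)      # the test subject suggested in comment:4
  { "before" => render_escaped_everywhere(from, subject),
    "after"  => render_per_context(from, subject) }.each do |label, parts|
    puts "#{label}: faithful=#{plain_part_faithful?(parts, from, subject)}"
    puts "  text/plain: #{parts[:plain]}"
    puts "  text/html:  #{parts[:html]}"
  end
end
```
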

comment:5 Changed 8 years ago by Tom Hughes

Resolution: fixed
Status: reopened → closed

Fixed.
