Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

Wrong encoding of certain characters in private messages forwarded to mail #4118

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 5 comments

Comments

@openstreetmap-trac
Copy link

Reporter: Kurt Krampmeier
[Submitted to the original trac issue database at 5.52pm, Thursday, 1st December 2011]

When using the function to write messages to other users (e. g. http://www.openstreetmap.org/message/new/Kurt%20Krampmeier), the system does not correctly forward the messages as an email.

The characters &, ", > and < are encoded as HTML entities, which is obviously wrong in plain text emails. The previous sentence would be displayed as

'The characters &, ", > and < are encoded ...'

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 7.45pm, Thursday, 1st December 2011]

Fixed - we no longer escape HTML in the text notification emails. Fix will be delpoyed shortly.

@openstreetmap-trac
Copy link
Author

Author: Kurt Krampmeier
[Added to the original trac issue at 1.44am, Saturday, 3rd December 2011]

Fix is incomplete. Text of subject is still escaped in mail body. User names might also be affeced, if such characters are allowed in user names.

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 11.36am, Saturday, 3rd December 2011]

Only the message body allows HTML so this is actually correct.

@openstreetmap-trac
Copy link
Author

Author: Kurt Krampmeier
[Added to the original trac issue at 12.07pm, Saturday, 3rd December 2011]

Right, HTML is not allowed in the subject (and hopefully user names). But since the given characters are still allowed in the subject (and maybe in user names) as normal characters without special meaning, they need to be escaped when displayed on the website. This is right. But they currently are also escaped in the plaintext part of the mail. This is wrong. It has nothing to do with HTML being allowed or not. Just send yourself a message with a subject like '" & < >' and check the plaintext part of the received mail. It will read "[...] has sent you a message through OpenStreetMap with the subject " & < >:"

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 5.59pm, Saturday, 3rd December 2011]

Fixed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant