From d8eb0842406b6b05b77b897b799a7262980cfb33 Mon Sep 17 00:00:00 2001
From: James Cole <james@firefly-iii.org>
Date: Wed, 26 Apr 2023 05:29:28 +0200
Subject: [PATCH] Add rule for notes and better escaping in errors.

---
 app/Http/Requests/BillUpdateRequest.php | 1 +
 resources/views/emails/error-html.twig  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Http/Requests/BillUpdateRequest.php b/app/Http/Requests/BillUpdateRequest.php
index d205a6d680..89ffa5b0a7 100644
--- a/app/Http/Requests/BillUpdateRequest.php
+++ b/app/Http/Requests/BillUpdateRequest.php
@@ -81,6 +81,7 @@ class BillUpdateRequest extends FormRequest
             'repeat_freq'             => sprintf('required|in:%s', join(',', config('firefly.bill_periods'))),
             'skip'                    => 'required|integer|gte:0|lte:31',
             'active'                  => 'boolean',
+            'notes'                   => 'between:1,65536|nullable',
         ];
     }
 }
diff --git a/resources/views/emails/error-html.twig b/resources/views/emails/error-html.twig
index d06b2c3ddc..08c4f1be05 100644
--- a/resources/views/emails/error-html.twig
+++ b/resources/views/emails/error-html.twig
@@ -1,6 +1,6 @@
 {% include 'emails.header-html' %}
 <p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;">
-    {{ trans('email.error_intro', { version: version, errorMessage: errorMessage })|raw }}
+    {{ trans('email.error_intro', { version: version, errorMessage: errorMessage|escape })|raw }}
 </p>
 
 <p style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;">