SECURITY: Correctly escape 'text' email preview

2025-02-25 18:55:32 -06:00 · 2023-09-27 11:58:18 +01:00
parent 76bdea5ce2
commit 0ed20fe1cd
2 changed files with 46 additions and 5 deletions
--- a/app/assets/javascripts/admin/addon/templates/email-preview-digest.hbs
+++ b/app/assets/javascripts/admin/addon/templates/email-preview-digest.hbs
@@ -21,13 +21,15 @@
        {{#if this.showHtml}}
          <span>{{i18n "admin.email.html"}}</span>
          |
-          <a href {{on "click" this.toggleShowHtml}}>
+          <a href {{on "click" this.toggleShowHtml}} class="show-text-link">
            {{i18n "admin.email.text"}}
          </a>
        {{else}}
-          <a href {{on "click" this.toggleShowHtml}}>{{i18n
-              "admin.email.html"
-            }}</a>
+          <a
+            href
+            {{on "click" this.toggleShowHtml}}
+            class="show-html-link"
+          >{{i18n "admin.email.html"}}</a>
          |
          <span>{{i18n "admin.email.text"}}</span>
        {{/if}}
@@ -77,7 +79,7 @@
          ></iframe>
        {{/if}}
      {{else}}
-        <pre>{{html-safe this.model.text_content}}</pre>
+        <pre>{{this.model.text_content}}</pre>
      {{/if}}
    </div>
  </div>