Merge pull request #3550 from alphagov/fix-html-escaping-email-subject-preview

Fix HTML being escaped in preview of email subject
2026-02-15 07:54:32 -05:00 · 2020-08-10 08:59:44 +01:00
parent 0e99bede68 4d65b94c77
commit 3573ce1437
2 changed files with 25 additions and 7 deletions
--- a/app/main/views/jobs.py
+++ b/app/main/views/jobs.py
@@ -3,6 +3,7 @@
 from functools import partial

 from flask import (
+    Markup,
    Response,
    abort,
    flash,
@@ -438,14 +439,14 @@ def get_preview_of_content(notification):
        ))

    if notification['template']['template_type'] == 'email':
-        return EmailPreviewTemplate(
+        return Markup(EmailPreviewTemplate(
            notification['template'],
            notification['personalisation'],
            redact_missing_personalisation=True,
-        ).subject
+        ).subject)

    if notification['template']['template_type'] == 'letter':
-        return LetterPreviewTemplate(
+        return Markup(LetterPreviewTemplate(
            notification['template'],
            notification['personalisation'],
-        ).subject
+        ).subject)
--- a/tests/app/main/views/test_activity.py
+++ b/tests/app/main/views/test_activity.py
@@ -648,29 +648,46 @@ def test_html_contains_links_for_failed_notifications(
        assert normalize_spaces(link_text) == 'Technical failure'


+@pytest.mark.parametrize('notification_type, expected_row_contents', (
+    ('sms', (
+        '07123456789 hello & welcome hidden'
+    )),
+    ('email', (
+        'example@gov.uk hidden, hello & welcome'
+    )),
+    ('letter', (
+        # Letters don’t support redaction, but this test is still
+        # worthwhile to show that the ampersand is not double-escaped
+        '1 Example Street ((name)), hello & welcome'
+    )),
+))
 def test_redacts_templates_that_should_be_redacted(
    client_request,
    mocker,
    mock_get_service_statistics,
    mock_get_service_data_retention,
    mock_get_no_api_keys,
+    notification_type,
+    expected_row_contents,
 ):
    notifications = create_notifications(
        status='technical-failure',
-        content='hello ((name))',
+        content='hello & welcome ((name))',
+        subject='((name)), hello & welcome',
        personalisation={'name': 'Jo'},
        redact_personalisation=True,
+        template_type=notification_type,
    )
    mocker.patch('app.notification_api_client.get_notifications_for_service', return_value=notifications)

    page = client_request.get(
        'main.view_notifications',
        service_id=SERVICE_ONE_ID,
-        message_type='sms',
+        message_type=notification_type,
    )

    assert normalize_spaces(page.select('tbody tr th')[0].text) == (
-        '07123456789 hello hidden'
+        expected_row_contents
    )