mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-19 09:54:36 -05:00
267b58a66d7fd8eb6dc09200d33ca643d330c886
This is another problem with sanitising HTML, this time with it getting encoded where it shouldn’t be. The result was, when editing a template, the API getting sent an encoded rather than raw version of the subject (for letters and emails).

The reason this happened is because BeautifulSoup behaves in an unexpected way. When accessing the `value` attribute of an `input` BeautifulSoup returns an unencoded version of the contents. In other words it returns what the user would see in the page, not what is in the raw HTML of the page.

This meant that we were trying too hard to see an `&amp;` instead of a `&` in our tests[1]. So things were actually working fine before adding the call to `escape_html`[2], but from the output of the tests it didn’t look like HTML was getting escaped.

So this commit fixes the bug by removing the call to `escape_html` and adding a test that looks at the raw HTML, to complement the existing test which looks at just the `value` attribute.

1. Relevant test added here: https://github.com/alphagov/notifications-admin/pull/1178/files#diff-f2eb304b93cc383727c0ab7fc8fbd464R289
2. Call added here: https://github.com/alphagov/notifications-admin/pull/1178/files#diff-f0af582449ebf426f27f37e38f310057R252
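The double-encoding described in the commit message above, reproduced as an added example (not code from the repository or the commit). It uses the standard library's `html.parser`, which decodes attribute values the way the message describes for BeautifulSoup. `render_input`, `parsed_value`, `check` and the sample subject are hypothetical names and constructed data, and the template layer is assumed to escape the value once on its own.

```python
from html import escape
from html.parser import HTMLParser

SUBJECT = "Fish & chips <today>"  # constructed sample input


def render_input(subject, pre_escape=False):
    """Stand-in for an autoescaping template rendering the subject field.

    pre_escape=True models an extra escape before the template's own
    escaping (assumed equivalent of the removed escape_html call).
    """
    if pre_escape:
        subject = escape(subject)
    return '<input name="subject" value="{}">'.format(escape(subject))


class _ValueReader(HTMLParser):
    """Collects the value attribute of the first <input>, entity-decoded."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")


def parsed_value(html):
    """What a parser, or a browser submitting the form, sees as the value."""
    reader = _ValueReader()
    reader.feed(html)
    reader.close()
    return reader.value


def check(subject, pre_escape):
    """Return the raw HTML, the parsed value, and whether it round-trips."""
    html = render_input(subject, pre_escape)
    parsed = parsed_value(html)
    return {"raw": html, "parsed": parsed, "round_trips": parsed == subject}


if __name__ == "__main__":
    for pre in (False, True):
        print("pre_escape =", pre, check(SUBJECT, pre))
```

With `pre_escape=True` the parsed value looks like correctly escaped HTML, which is why a test on the attribute alone is misleading; only the raw markup shows the second layer of encoding.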
notifications-admin
GOV.UK Notify admin application.
Features of this application
- Register and manage users
- Create and manage services
- Send batch emails and SMS by uploading a CSV
- Show history of notifications
First-time setup
Brew is a package manager for OSX. The following command installs brew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Languages needed
brew install node imagemagick ghostscript cairo pango
NPM is Node's package management tool. n is a tool for managing
different versions of Node. The following installs n and uses the latest
version of Node.
npm install -g n
n latest
npm rebuild node-sass
The app runs within a virtual environment. We use mkvirtualenv to make working with venvs easier:
pip install virtualenvwrapper
mkvirtualenv -p /usr/local/bin/python3 notifications-admin
Install dependencies and build the frontend assets:
workon notifications-admin
./scripts/bootstrap.sh
Rebuilding the frontend assets
If you want the frontend assets to re-compile on changes, leave this running in a separate terminal from the app:
npm run watch
Create a local environment.sh file containing the following:
echo "
export NOTIFY_ENVIRONMENT='development'
export ADMIN_CLIENT_SECRET='notify-secret-key'
export API_HOST_NAME='http://localhost:6011'
export DANGEROUS_SALT='dev-notify-salt'
export SECRET_KEY='notify-secret-key'
export DESKPRO_API_HOST='some-host'
export DESKPRO_API_KEY='some-key'
"> environment.sh
AWS credentials
Your AWS credentials should be stored in a folder located at ~/.aws. Follow Amazon's instructions for storing them correctly.
Running the application
workon notifications-admin
./scripts/run_app.sh
Then visit localhost:6012
Languages: Python 69.3%, HTML 16.6%, JavaScript 11.1%, SCSS 0.9%, Nunjucks 0.7%, Other 1.4%