debianize-mobilizon/lib/web/templates/email/activity/_post_activity_item.html.heex
Thomas Citharel 470a3e594b
Correctly escape user-defined names in emails
Closes #1151

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-10-31 14:30:40 +01:00


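<%= case @activity.subject do %>
  <% :post_created -> %>
    <%= dgettext("activity", "The post %{post} was created by %{profile}.", %{
      # One sentence of the HTML activity e-mail, chosen by @activity.subject.
      # The translated string is emitted with raw/1 below, so nothing is escaped
      # automatically: every value interpolated into these bindings has to be
      # HTML-escaped here, before it is placed in the markup.
      profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
      # The post URL is percent-decoded and then placed inside a double-quoted
      # attribute, so it is escaped as well: a decoded quote or angle bracket must
      # not be able to terminate the href value.
      # NOTE(review): whether post_slug can contain such characters is not visible
      # from this template; confirm against the slug generation and federation code.
      post:
        "<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
                                     :post,
                                     @activity.subject_params["post_slug"])
                     |> URI.decode()
                     |> escape_html()}\">
        #{escape_html(@activity.subject_params["post_title"])}
        </a>"
    })
    |> raw %>
  <% :post_updated -> %>
    <%= dgettext("activity", "The post %{post} was updated by %{profile}.", %{
      profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
      # Same treatment as the :post_created branch: the decoded URL is escaped
      # before it lands in the href attribute of raw/1 output.
      post:
        "<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
                                     :post,
                                     @activity.subject_params["post_slug"])
                     |> URI.decode()
                     |> escape_html()}\">
        #{escape_html(@activity.subject_params["post_title"])}
        </a>"
    })
    |> raw %>
  <% :post_deleted -> %>
    <%= dgettext("activity", "The post %{post} was deleted by %{profile}.", %{
      # No link here: only the escaped title is shown for a deleted post.
      profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
      post: "<b>#{escape_html(@activity.subject_params["post_title"])}</b>"
    })
    |> raw %>
<% end %>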