debianize-mobilizon/lib/web/templates/email/activity/_comment_activity_item.html.heex
Thomas Citharel 470a3e594b
Correctly escape user-defined names in emails
Closes #1151

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-10-31 14:30:40 +01:00

53 lines
2.3 KiB
Plaintext

<%= case @activity.subject do %>
<% :event_comment_mention -> %>
<%= dgettext("activity", "%{profile} mentionned you in a comment under event %{event}.", %{
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
event:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:event,
@activity.subject_params["event_uuid"]) |> URI.decode()}\">
#{escape_html(@activity.subject_params["event_title"])}
</a>"
})
|> raw %>
<% :participation_event_comment -> %>
<%= dgettext("activity", "%{profile} has posted an announcement under event %{event}.", %{
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
event:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:event,
@activity.subject_params["event_uuid"]) |> URI.decode()}\">
#{escape_html(@activity.subject_params["event_title"])}
</a>"
})
|> raw %>
<% :event_new_comment -> %>
<%= if @activity.subject_params["comment_reply_to"] do %>
<%= dgettext("activity", "%{profile} has posted a new reply under your event %{event}.", %{
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
event:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:event,
@activity.subject_params["event_uuid"]) |> URI.decode()}#comment-#{@activity.subject_params["comment_reply_to_uuid"]}-#{@activity.subject_params["comment_uuid"]}\">
#{escape_html(@activity.subject_params["event_title"])}
</a>"
})
|> raw %>
<% else %>
<%= dgettext(
"activity",
"%{profile} has posted a new comment under your event %{event}.",
%{
profile: "<b>#{escaped_display_name_and_username(@activity.author)}</b>",
event:
"<a href=\"#{Routes.page_url(Mobilizon.Web.Endpoint,
:event,
@activity.subject_params["event_uuid"]) |> URI.decode()}#comment-#{@activity.subject_params["comment_uuid"]}\">
#{escape_html(@activity.subject_params["event_title"])}
</a>"
}
)
|> raw %>
<% end %>
<% end %>