Problem/Motivation

lib/Drupal/Core/Mail/MailManagerInterface.php:   *         $message['subject'] = t('Notification from !site', $variables, $options);
lib/Drupal/Core/Mail/MailManagerInterface.php:   *         $message['body'][] = t("Dear !username\n\nThere is new content available on the site.", $variables, $options);

modules/contact/contact.module:      $message['subject'] .= t('[!form] !subject', $variables, $options);
modules/contact/contact.module:      $message['body'][] = t("!sender-name (!sender-url) sent a message using the contact form at !form-url.", $variables, $options);
modules/contact/contact.module:      $message['subject'] .= t('[!form] !subject', $variables, $options);
modules/contact/contact.module:      $message['subject'] .= t('[!site-name] !subject', $variables, $options);
modules/contact/contact.module:      $message['body'][] = t('Hello !recipient-name,', $variables, $options);
modules/contact/contact.module:      $message['body'][] = t("!sender-name (!sender-url) has sent you a message via your contact form at !site-name.", $variables, $options);
modules/contact/contact.module:      $message['body'][] = t("If you don't want to receive such emails, you can change your settings at !recipient-edit-url.", $variables, $options);
modules/contact/src/MailHandler.php:      $sender_cloned->name = $this->t('!name (not verified)', array('!name' => $message->getSenderName()));
modules/update/update.module:  $message['subject'] .= t('New release(s) available for !site_name', array('!site_name' => \Drupal::config('system.site')->get('name')), array('langcode' => $langcode));
modules/update/update.module:    $message['body'][] = t('Your site is currently configured to send these emails when any updates are available. To get notified only for security updates, !url.', array('!url' => $settings_url));
modules/update/update.module:    $message['body'][] = t('Your site is currently configured to send these emails only when security updates are available. To get notified for any available updates, !url.', array('!url' => $settings_url));

Proposed resolution

* htmlToText already converts to txt
* Email subjects need all HTML removed.

Beta phase evaluation

See #2506427: [meta] !placeholder causes strings to be escaped and makes the sanitization API harder to understand.

Remaining tasks

User interface changes

Ideally, fewer completely unexpected double-escaping bugs.

API changes

None.


Comments

dawehner created an issue. See original summary.

alexpott’s picture

alexpott’s picture

Status: Closed (duplicate) » Postponed

Actually let's postpone this on #2509218: Ensure that SafeString objects can be used in non-HTML contexts since the patch there is not addressing this.

Berdir’s picture

Component: views.module » mail system
bircher’s picture

Assigned: Unassigned » bircher
bircher’s picture

Assigned: bircher » Unassigned
FileSize
9.15 KB

@replace escapes the markup, so we need to un-escape it again before using it.
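The escape-then-un-escape round trip discussed in this issue, as an added example that is not Drupal core code and not taken from any patch attached here. It uses only PHP built-ins; `format_escaped()` and `subject_to_plain_text()` are hypothetical stand-ins for `t()` with `@` placeholders and for the subject conversion, and the sample values are constructed.

```php
<?php

/**
 * Hypothetical stand-in for t() with @placeholders: values are HTML-escaped.
 */
function format_escaped(string $template, array $args): string {
  $safe = [];
  foreach ($args as $key => $value) {
    $safe[$key] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
  }
  return strtr($template, $safe);
}

/**
 * Hypothetical helper: turn an HTML-escaped subject into plain text.
 */
function subject_to_plain_text(string $html): string {
  // Strip tags first, then decode entities. Decoding first would turn escaped
  // user input such as "&lt;Jerry&gt;" into a tag that strip_tags() deletes.
  $text = html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');

  // A subject must not contain newline characters. Check after decoding so
  // the test sees the text that will actually go into the mail header.
  if (preg_match('/[\r\n]/', $text)) {
    throw new InvalidArgumentException('Subject contains a newline.');
  }
  return $text;
}

// Constructed sample input: a form name and a user-supplied subject.
$args = [
  '@form' => 'Sales & Support',
  '@subject' => "Quote for <Jerry>'s order",
];

// What the mail subject looks like if the escaped string is used as-is.
$escaped = format_escaped('[@form] @subject', $args);
echo $escaped, "\n";

// What the recipient should see in a plain-text header.
echo subject_to_plain_text($escaped), "\n";
```

The first line printed still carries HTML entities, which is the double-escaping a mail client would display literally; the second is the plain-text form.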

alexpott’s picture

Status: Postponed » Needs work

This can now be done - we need to convert the HTML to plain text in PhpMail - we also need to document how mails handle their context.

alexpott’s picture

Assigned: Unassigned » alexpott
alexpott’s picture

Assigned: alexpott » Unassigned
Status: Needs work » Needs review
FileSize
1.75 KB
10.09 KB

So looking at MailFormatHelper::htmlToText() I don't think there is anything we need to do with email bodies.

I think it might be nice to document what we do to email subject.

lauriii’s picture

Status: Needs review » Reviewed & tested by the community

MailFormatHelper::htmlToText() seems to know what it's doing.

The patch is RTBC for me.

alexpott’s picture

Status: Reviewed & tested by the community » Needs work

Going to document the behaviour.

alexpott’s picture

Status: Needs work » Needs review
FileSize
914 bytes
10.98 KB

Added some docs.

dawehner’s picture

Status: Needs review » Reviewed & tested by the community
+++ b/core/lib/Drupal/Core/Mail/MailInterface.php
@@ -53,7 +53,8 @@ public function format(array $message);
    *   - subject: Subject of the email to be sent. This must not contain any
-   *     newline characters, or the mail may not be sent properly.
+   *     newline characters, or the mail may not be sent properly. The subject
+   *     is converted to the plain text by the mail plugin manager.
    *   - body: Message to be sent. Accepts both CRLF and LF line-endings.
    *     Email bodies must be wrapped. For smart plain text wrapping you can use
    *     \Drupal\Core\Mail\MailFormatHelper::wrapMail() .
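Review bot: In the subject entry, the added sentence "is converted to the plain text by the mail plugin manager" should read "converted to plain text", and it does not say what the conversion does to markup or HTML entities, so a caller cannot tell whether to pass an escaped or an unescaped subject. Suggest naming the transformation in that sentence and stating whether the newline restriction applies to the subject before or after conversion. The body entry directly below gets no equivalent statement about how its HTML is handled.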

It feels a little bit bad to not explicitly document what 'body' does, but we don't change it as part of the patch.

dawehner’s picture

Issue summary: View changes
stefan.r’s picture

RTBC++

lauriii’s picture

RTBC++

alexpott’s picture

Minor fix to the comment.

  • catch committed 9684382 on 8.0.x
    Issue #2572597 by alexpott, bircher: Replace !placeholder with @...
catch’s picture

Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.0.x, thanks!

Berdir’s picture

I don't think that mail subjects should be run through strip_tags(), see #2575791: Mail subject should not be run through strip_tags() as a follow-up.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.