Currently, if I use the [node:diff] token in a sanitized context (e.g., sending a mimemail email), the output is run through check_plain(). Instead of seeing a table, I see the literal text <table>….

Since the token's replacement text contains HTML, I think it should be using filter_xss() instead of check_plain()?

Comment | File | Size | Author
#1 | token-sanitize-2401143-1.patch | 700 bytes | smokris
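
The difference between the two sanitizers discussed above, as an added example that is not code from the Diff module or the attached patch. It assumes a bootstrapped Drupal 7 site (for instance, run with `drush php-script`); the sample markup, the `$table_tags` allowlist and the function name `example_diff_sanitize_report()` are constructed for illustration.

```php
<?php
// Added example; not code from the Diff module or the attached patch.
// Assumes a bootstrapped Drupal 7 site, which provides check_plain()
// and filter_xss().

// Constructed sample standing in for a [node:diff] replacement value, with
// a script element and an event handler added to show what gets removed.
$sample = '<table class="diff"><tr><td onclick="x()">old</td>'
  . '<td><ins>new</ins></td></tr></table><script>alert(1)</script>';

// Hypothetical allowlist for diff table markup (an assumption, not the
// module's own list).
$table_tags = array('table', 'thead', 'tbody', 'tr', 'th', 'td', 'ins', 'del', 'span');

/**
 * Runs one string through each sanitizer and records what survives.
 */
function example_diff_sanitize_report($html, array $table_tags) {
  $outputs = array(
    'check_plain()' => check_plain($html),
    'filter_xss(), default tags' => filter_xss($html),
    'filter_xss(), table tags' => filter_xss($html, $table_tags),
  );
  $report = array();
  foreach ($outputs as $label => $out) {
    $report[$label] = array(
      'output' => $out,
      // Literal markup still present (not escaped, not stripped)?
      'table_markup' => strpos($out, '<table') !== FALSE,
      'script_tag' => stripos($out, '<script') !== FALSE,
      'onclick_attr' => stripos($out, 'onclick="') !== FALSE,
    );
  }
  return $report;
}

foreach (example_diff_sanitize_report($sample, $table_tags) as $label => $row) {
  printf("%s\n  table markup kept: %s\n  script tag kept: %s\n  onclick kept: %s\n  output: %s\n\n",
    $label,
    $row['table_markup'] ? 'yes' : 'no',
    $row['script_tag'] ? 'yes' : 'no',
    $row['onclick_attr'] ? 'yes' : 'no',
    $row['output']);
}
```

The default allowlist of `filter_xss()` does not include table elements, so calling it without a second argument strips the table tags and leaves only the cell text. Passing an explicit allowlist keeps the table while still dropping the script tag and the `onclick` attribute.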

Comments

smokris

Status: Active » Needs review
Status | File | Size
new | token-sanitize-2401143-1.patch | 700 bytes

Patch attached.

smokris

Issue summary: View changes

blake.thompson

I agree, I was just dealing with this exact issue yesterday and this patch works.

ajwn

I can confirm this simple change will set $output to be usable in both plain text and HTML emails. I currently have this patched for our installation to have workbench email functioning correctly. Please roll into the next release.

Thanks.

Abelito

Status: Needs review » Reviewed & tested by the community

The patch works for me! Thanks.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 1: token-sanitize-2401143-1.patch, failed testing.

  • Alan D. committed bf67790 on 7.x-3.x authored by smokris
    Issue #2401143 by smokris: In sanitized [node:diff] token, table HTML is...

alan d.

Status: Needs work » Fixed

Nice, looks good to me :)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.