dev: Add email preview tool #10381
Merged
dev: Add email preview tool #10381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Betree
force-pushed
the
dev/email-preview
branch
2 times, most recently
from
65687f3 to
2034a3a
Compare
Betree
force-pushed
the
dev/email-preview
branch
from
2034a3a to
70c385c
Compare
|
|
||
| const renderResult = renderEmail(templateName); | ||
| const attributes = getTemplateAttributes(renderResult.html); | ||
| res.send(attributes.body); |
Check warning
Code scanning / CodeQL
Exception text reinterpreted as HTML Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 2 months ago
To fix the problem, we need to ensure that the attributes.body is properly sanitized before being sent in the response. This can be achieved by using a library like sanitize-html to strip any potentially dangerous HTML content from the attributes.body.
- Import the
sanitize-htmllibrary. - Use the
sanitize-htmlfunction to sanitizeattributes.bodybefore sending it in the response.
Suggested changeset
1
scripts/dev/dev-email-preview.ts
| @@ -9,3 +9,3 @@ | ||
| import templates, { isValidTemplate, recompileAllTemplates } from '../../server/lib/emailTemplates'; | ||
| import { stripHTML } from '../../server/lib/sanitize-html'; | ||
| import { stripHTML, sanitizeHTML } from '../../server/lib/sanitize-html'; | ||
| import MOCKS from '../../test/mocks/data'; | ||
| @@ -185,3 +185,3 @@ | ||
| const attributes = getTemplateAttributes(renderResult.html); | ||
| res.send(attributes.body); | ||
| res.send(sanitizeHTML(attributes.body)); | ||
| } catch (error) { |
Copilot is powered by AI and may make mistakes. Always verify output.
Betree
force-pushed
the
dev/email-preview
branch
2 times, most recently
from
fe5dbac to
f6bad0b
Compare
Betree
force-pushed
the
dev/email-preview
branch
from
f6bad0b to
a48cab1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A minimalist tool to work on email templates styles and content. Start it with:
List emails
Preview template