-
Notifications
You must be signed in to change notification settings - Fork 3.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(shared): properly unescape button templates (#4852)
- Loading branch information
1 parent
35a261f
commit 609d6b8
Showing
2 changed files
with
158 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -216,4 +216,160 @@ describe('Compile E-mail Template', function () { | |
| expect(subject).to.equal('A title for Header Test'); | ||
| }); | ||
| }); | ||
|
|
||
| describe('Escaping', function () { | ||
| it('should escape editor text in double curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.TEXT, | ||
| content: '<div>{{textUrl}}</div>', | ||
| }, | ||
| ], | ||
| payload: { | ||
| textUrl: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Text Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('<div>https://example.com?email=[email protected]</div>'); | ||
| }); | ||
|
|
||
| it('should not escape editor text in triple curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.TEXT, | ||
| content: '<div>{{{textUrl}}}</div>', | ||
| }, | ||
| ], | ||
| payload: { | ||
| textUrl: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Text No Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('<div>https://[email protected]</div>'); | ||
| }); | ||
|
|
||
| it('should escape button text in double curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.BUTTON, | ||
| content: '{{buttonText}}', | ||
| url: 'https://example.com', | ||
| }, | ||
| ], | ||
| payload: { | ||
| buttonText: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Button Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('https://example.com?email=[email protected]'); | ||
| }); | ||
|
|
||
| it('should not escape button text in triple curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.BUTTON, | ||
| content: '{{{buttonText}}}', | ||
| url: 'https://example.com', | ||
| }, | ||
| ], | ||
| payload: { | ||
| buttonText: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Button Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('https://[email protected]'); | ||
| }); | ||
|
|
||
| it('should escape button url in double curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.BUTTON, | ||
| content: 'Click Here To Go To Link!', | ||
| url: '{{buttonUrl}}', | ||
| }, | ||
| ], | ||
| payload: { | ||
| buttonUrl: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Button Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('https://example.com?email=[email protected]'); | ||
| }); | ||
|
|
||
| it('should not escape button url in triple curly braces', async function () { | ||
| const { html } = await useCase.execute( | ||
| CompileEmailTemplateCommand.create({ | ||
| organizationId: session.organization._id, | ||
| environmentId: session.environment._id, | ||
| layoutId: null, | ||
| preheader: null, | ||
| content: [ | ||
| { | ||
| type: EmailBlockTypeEnum.BUTTON, | ||
| content: 'Click Here To Go To Link!', | ||
| url: '{{{buttonUrl}}}', | ||
| }, | ||
| ], | ||
| payload: { | ||
| buttonUrl: 'https://[email protected]', | ||
| }, | ||
| userId: session.user._id, | ||
| contentType: 'editor', | ||
| subject: 'Editor Button No Escape Test', | ||
| }) | ||
| ); | ||
|
|
||
| expect(html).to.contain('https://[email protected]'); | ||
| }); | ||
| }); | ||
| }); | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters