Don't escape HTML in the subject line of notification emails

2020-03-25 17:18:14 +02:00 · 2020-03-25 17:18:14 +02:00 · 9d2cf4f008
commit 9d2cf4f008
parent 4a43ed59fc
3 changed files with 10 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.

 ### Bug Fixes
 - "Get a single check" API call now supports read-only API keys (#346)
+- Don't escape HTML in the subject line of notification emails

 ## v1.14.0 - 2020-03-23

--- a/hc/api/tests/test_notify.py
+++ b/hc/api/tests/test_notify.py
@ -345,6 +345,14 @@ class NotifyTestCase(BaseTestCase):
        self.assertEqual(Notification.objects.count(), 0)
        self.assertEqual(len(mail.outbox), 0)

+    def test_email_handles_amperstand(self):
+        self._setup_data("email", "alice@example.org")
+        self.check.name = "Foo & Bar"
+        self.channel.notify(self.check)
+
+        email = mail.outbox[0]
+        self.assertEqual(email.subject, "DOWN | Foo & Bar")
+
    @patch("hc.api.transports.requests.request")
    def test_pd(self, mock_post):
        self._setup_data("pd", "123")
--- a/templates/emails/alert-subject.html
+++ b/templates/emails/alert-subject.html
@ -1,2 +1,2 @@
-{{ check.status|upper }} | {{ check.name_then_code }}
+{{ check.status|upper }} | {{ check.name_then_code|safe }}