From 6ef8da04eb9141d8bc43bcbbce65d9d80f4dac2d Mon Sep 17 00:00:00 2001
From: rohitsrma <rohitsrmaofficial@gmail.com>
Date: Fri, 27 Oct 2023 18:40:34 +0000
Subject: [PATCH] Ensure updated comments notifications (text) render unescaped strings
Fixes #11143
---
 CHANGELOG.txt | 2 ++
 docs/releases/5.2.1.md | 1 +
 docs/releases/6.0.md | 1 +
 .../templates/wagtailadmin/notifications/updated_comments.txt | 4 ++--
 4 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 4fcd78e5b9..6d8110cf0d 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -11,6 +11,7 @@ Changelog
 * Fix: Add a fallback background for the editing preview iframe for sites without a background (Ian Price)
 * Fix: Preserve whitespace in rendered comments (Elhussein Almasri)
 * Fix: Remove search logging from project template so that new projects without the search promotions module will not error (Matt Westcott)
+ * Fix: Ensure text only email notifications for updated comments do not escape HTML characters (Rohit Sharma)
 * Docs: Document, for contributors, the use of translate string literals passed as arguments to tags and filters using `_()` within templates (Chiemezuo Akujobi)
 * Maintenance: Update BeautifulSoup upper bound to 4.12.x (scott-8)
 * Maintenance: Migrate initialization of classes (such as `body.ready`) from multiple JavaScript implementations to one Stimulus controller `w-init` (Chiemezuo Akujobi)
@@ -25,6 +26,7 @@ Changelog
 * Fix: Add a fallback background for the editing preview iframe for sites without a background (Ian Price)
 * Fix: Remove search logging from project template so that new projects without the search promotions module will not error (Matt Westcott)
+ * Fix: Ensure text only email notifications for updated comments do not escape HTML characters (Rohit Sharma)
 * Docs: Fix code example for `{% picture ... as ... %}` template tag (Rezyapkin)
diff --git a/docs/releases/5.2.1.md b/docs/releases/5.2.1.md
index 0763ac6ef4..3fe0622cac 100644
--- a/docs/releases/5.2.1.md
+++ b/docs/releases/5.2.1.md
@@ -16,6 +16,7 @@ depth: 1
 * Add a fallback background for the editing preview iframe for sites without a background (Ian Price)
 * Remove search logging from project template so that new projects without the search promotions module will not error (Matt Westcott)
+ * Ensure text only email notifications for updated comments do not escape HTML characters (Rohit Sharma)
 ### Documentation
diff --git a/docs/releases/6.0.md b/docs/releases/6.0.md
index bd44df9a7b..a6aeeefe67 100644
--- a/docs/releases/6.0.md
+++ b/docs/releases/6.0.md
@@ -24,6 +24,7 @@ depth: 1
 * Add a fallback background for the editing preview iframe for sites without a background (Ian Price)
 * Preserve whitespace in rendered comments (Elhussein Almasri)
 * Remove search logging from project template so that new projects without the search promotions module will not error (Matt Westcott)
+ * Ensure text only email notifications for updated comments do not escape HTML characters (Rohit Sharma)
 ### Documentation
diff --git a/wagtail/admin/templates/wagtailadmin/notifications/updated_comments.txt b/wagtail/admin/templates/wagtailadmin/notifications/updated_comments.txt
index d1eb70186b..276866327f 100644
--- a/wagtail/admin/templates/wagtailadmin/notifications/updated_comments.txt
+++ b/wagtail/admin/templates/wagtailadmin/notifications/updated_comments.txt
@@ -27,8 +27,8 @@
 {% trans "New replies:" %}{% for thread in replied_comments %}
- {% trans 'New replies to:' %} "{{ thread.comment.text }}"{% for reply in thread.replies %}
- - "{{ reply.text }}"{% endfor %}{% endfor %}{% endif %}
+ {% trans 'New replies to:' %} "{{ thread.comment.text|safe }}"{% for reply in thread.replies %}
+ - "{{ reply.text|safe }}"{% endfor %}{% endfor %}{% endif %}
 {% trans "You can edit the page here:" %} {{ base_url }}{% url 'wagtailadmin_pages:edit' page.id %}
 {% endblock %}
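Review bot: The `|safe` filter on `thread.comment.text` and `reply.text` in `updated_comments.txt` marks user-authored comment text as trusted markup, which is only sound while this template's output is sent as a text/plain part and never reaches an HTML context. Consider stating that intent once rather than per variable, by wrapping the body in `{% autoescape off %}` … `{% endautoescape %}`, so variables added later are handled the same way and nobody copies `|safe` into an HTML counterpart of this notification, where comment text must stay escaped. The diffstat lists no test file; a regression test that sends a comment containing `<` and `&` and asserts it appears verbatim in the text body, and escaped in any HTML alternative, would pin both sides. The template starts before this hunk and may continue after it, so any other places where it prints comment text should be checked for the same treatment.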