From: Andy Allan Date: Wed, 25 Nov 2020 14:37:38 +0000 (+0000) Subject: Avoid calling raw in plain text email templates X-Git-Tag: live~2790^2~2 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/cc1d9592dfeed000be9e5ff2cce4ef4e5fd929eb Avoid calling raw in plain text email templates Rails doesn't escape text in text/plain outputs, since before Rails 4. See https://github.com/rails/rails/pull/8235 --- diff --git a/app/views/user_mailer/diary_comment_notification.text.erb b/app/views/user_mailer/diary_comment_notification.text.erb index b86c303ae..cbf9ddaa0 100644 --- a/app/views/user_mailer/diary_comment_notification.text.erb +++ b/app/views/user_mailer/diary_comment_notification.text.erb @@ -3,7 +3,7 @@ <%= t '.header', :from_user => @from_user, :subject => @title %> == -<%= raw @text.to_text %> +<%= @text.to_text %> == <%= t '.footer', :readurl => @readurl, :commenturl => @commenturl, :replyurl => @replyurl %> diff --git a/app/views/user_mailer/message_notification.text.erb b/app/views/user_mailer/message_notification.text.erb index b3a74bb88..6bd7393d7 100644 --- a/app/views/user_mailer/message_notification.text.erb +++ b/app/views/user_mailer/message_notification.text.erb @@ -1,9 +1,9 @@ -<%= raw t '.hi', :to_user => @to_user %> +<%= t '.hi', :to_user => @to_user %> -<%= raw t '.header', :from_user => @from_user, :subject => @title %> +<%= t '.header', :from_user => @from_user, :subject => @title %> == -<%= raw @text.to_text %> +<%= @text.to_text %> == <%= word_wrap(t '.footer_html', :readurl => @readurl, :replyurl => @replyurl) %>
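Review bot: No test covers the unescaped output that `<%= @text.to_text %>` now depends on in app/views/user_mailer/diary_comment_notification.text.erb, and the patch touches only the two templates. The commit message rests on Rails not escaping text/plain output, so a mailer test that sends a comment body containing characters such as `&`, `<` and `"` and asserts they arrive verbatim in the text part would pin that behaviour down and catch a later change of template format or handler.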
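Review bot: The unchanged context line `<%= word_wrap(t '.footer_html', :readurl => @readurl, :replyurl => @replyurl) %>` at the end of the app/views/user_mailer/message_notification.text.erb hunk still uses a translation key ending in `_html` inside a plain text template. The Rails `t` view helper treats `_html` keys as HTML and HTML-escapes interpolated values, so a `&` in `@readurl` or `@replyurl` would reach the recipient as `&amp;`, which is the kind of mismatch this commit is cleaning up. Consider a plain `.footer` key for the text variant, as the diary comment template uses, or confirm that the `_html` key is intentional here.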