开发者

Rails 3 and devise escaping mailer templates

开发者 https://www.devze.com 2023-02-06 20:34 出处:网络
I\'m using rails 3 and devise for authentication. Translating my mailer templates to anything but the devise default results in html escaping. A particular consequence of this is the confirmation of

I'm using rails 3 and devise for authentication.

Translating my mailer templates to anything but the devise default results in html escaping. A particular consequence of this is the confirmation of new account email includes an invalid confirmation token.

<p><a href=3D"http://localhost:3000/users/confirmation?confirmation_token=
=3D88uo7jetcetc">Confirma=
r mi cuenta</a></p>

The p开发者_开发问答receding 3d is html escaping and should not be there. Using raw and html_safe has no consequence on the output.


Be aware that this effect is sometimes present only in the Console and not present when used in production and/or in actual emails that are sent. This was the case for me; it did not correlate with non-English characters, but did create the "3D" and "=3D" insertions noted above after I modified the confirmation-email - but only in the console-output - complicating testing.

See this issue on Devise Github: http://github.com/plataformatec/devise/issues/2086 ... where it was attributed as a "Rails problem."

If anyone knows of an open ticket, I would like to see this patched, as it would save many hours for many other developers who encounter it for the first time, and simplify testing for all.


Ok if anyone comes across this, here's how I solved it.

If the mailer template included any non english characters, the whole template is escaped. There doesn't seem any way to work around this other than to escape all such characters before rails does.

eg:

%p
    = "!Bienvenido, #{username}!"

%p
    Usted puede confirmar su cuenta a través del siguiente enlace:

%p
    = link_to 'Confirmar mi cuenta', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token.html_safe)

needs be

%p
    = "&#161;Bienvenido, #{username}!"

%p
    Usted puede confirmar su cuenta a trav&eacute;s del siguiente enlace:

%p
    = link_to 'Confirmar mi cuenta', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token.html_safe)


I also had this problem. html_safe worked once I used the rails link_to method.

Bad code

%a{:href => "#{@redemption.link.html_safe}"}= "http://example.com/#{@redemption.model.email_hash}"

Good code

= link_to "http://example.com/#{@redemption.model.email_hash}", @redemption.link.html_safe


I can confirm that I got an email message like this (with the precedding 3D) in console, but not in the real sent message. So, no need to escape anything.

However, for testing purposes, you can add the following code to display email in console only in dev mode:

<% if Rails.env.development?  %>
    <% logger.debug confirmation_url(@resource, confirmation_token: @token) %>
<% end %>
0

精彩评论

暂无评论...
验证码 换一张
取 消