Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Subscriptions: Unsupported shortcodes not stripped from email notifications #869

Open
csonnek opened this Issue · 20 comments

11 participants

Carolyn Sonnek George Stephanis Jeremy Herve Sheriziya pep- Joey Kudish Tim Moraitis Jen Richard Archambault Chase Livingston Sam Hotchkiss
Carolyn Sonnek
Owner

When a user uses a shortcode that isn't part of Jetpack in a blog post, the actual shortcode is sent via the email notification to subscribers in the body of the email rather than being stripped out. For example:

[dropcap custom_class="normal"]L[/dropcap]orem ipsum...

In the blog post, it looks like this: http://d.pr/i/niwT

But in the email, the full shortcode [dropcap custom_class="normal"]L[/dropcap]orem ipsum... is displayed in the email.

I recommend that shortcodes that aren't supported by Jetpack be stripped in the email notifications to avoid the emails being unreadable for subscribers.

George Stephanis

The difficulty is that unless we have an index of all registered shortcodes, we can't strip them out, without also stripping out normal content that the user may have in brackets.

Also, even if we sync the list of available shortcodes to wpcom, when using shortcodes with opening and closing tags, should the contents be kept as plain text? Or dropped as 'part of the shortcode'? I'd tend toward the former, and it's certainly better than the status quo.

This is also not explicitly a subscriptions issue, as it also happens for content that displays in the reader, and even via the WordPress.com XMPP server subscriptions.

Jeremy Herve
Owner

That's an old issue, and also affects Publicize. See 4301-wpcom for more reports.

The difficulty is that unless we have an index of all registered shortcodes, we can't strip them out, without also stripping out normal content that the user may have in brackets.

Can't we use something like strip_shortcodes() in this case?

Sheriziya

If you'd do that, what would happen with the data of the shortcode which displays a full post content? I'm thinking about the Pods Shortcode i.e. I'm using Pods and the shortcode makes it able for me to set up an automated template system where I've got the data in a database, which can change per post. The shortcode parses everything to and through the template.

Or the Unity webplayer plugin (UnityDog), i.e. which doesn't produce text, but a game made with the Unity Engine being displayed in your browser.

Jeremy Herve
Owner

As far as I know, strip_shortcodes() only removes the shortcode tags, but not the content within the tags.

Sheriziya

hmmm... If you say "the content within the tags", what exactly do you mean? Everything between the brackets is being processed? Or you have an "open" tag and a "close tag" like the dropcap shortcode and everything between the open and close tag is shown?

I'm asking it, because I've got plugins installed which don't have an open and close tag like the Dropcap.
What happens if it removed the shortcode tags from something like this (the UnityDog shortcode):
[unity src="622"] which makes the webplayer appear, like here: http://fantasygamecreations.com/2014/07/15/testing-yet-again-a-test-for-the-unity-webplayer/
Or the pods shortcode:
[pods name="gameprojects" slug="76" template="game_full_details"] which produces the content from the pods, like you can see here (everything below the slideshow is from the pods shortcode): http://fantasygamecreations.com/2014/06/28/test-post-for-game-project-information-from-pod/

Jeremy Herve
Owner

[unity src="622"]
[pods name="gameprojects" slug="76" template="game_full_details"]

You won't be able to display content from these 2 shortcodes outside of WordPress, since both shortcodes rely on WordPress and on libraries added by the plugins. So it doesn't make sense to display these shortcodes at all in a notification email or a Publicize excerpt, in my opinion.

Sheriziya

You're absolutely right about that. But if I make a post and these codes are in it, they'll automatically be sent to the subscriber if they get the full post instead of a possible manual excerpt, right? Or am I wrong about that?

Jeremy Herve
Owner

But if I make a post and these codes are in it, they'll automatically be sent to the subscriber if they get the full post instead of a possible manual excerpt, right?

You're absolutely correct. That's what @csonnek mentioned above with the dropcap plugin example, and that's what we would need to fix with this issue.

Sheriziya

So somehow the fix should be able to distinguish between a shortcode that has actual content and a shortcode that needs WP, the libraries and databases from the plugins..... If Jetpack would give the option to include shortcodes (instead of someone manually having to go through thousands of plugins to check what the shortcode actually does), there would have to be a check or a warning or something where it becomes clear that the shortcode has to have actual content. Or perhaps an option where users can add shortcodes that rely on the content of plugins (like UnityDog and Pods) to exclude thos shortcodes from the notification email or the publicize excerpt.
I don't know if this is convenient and/or userfriendly, but I can imagine myself using it. After all, you;d only have to set it one time at the start of using the plugin, right?

pep-

Is there anything plugin authors can do to mitigate this on their side?

Jeremy Herve
Owner

Is there anything plugin authors can do to mitigate this on their side?

I'm afraid not, as this is happening on WordPress.com servers.

Joey Kudish
Owner

The reported issue doesn't affect Publicize or Team Partnerships so I removed those labels. We have it logged elsewhere to deal with shortcodes better within the context of Publicize

Tim Moraitis

The solution I would like to see is run do_shortcode() to the full length post, then strip out all the HTML that are not the allowed HTML email tags. The allowed HTML email tags could be p, a, strong, em, img, and so on.

So if someone has short code that adds disclaimers or other content they would like in the HTML email, it will not get deleted the way that strip_shortcode() would. For my site we have gray boxes around recipes that are made with shortcode, so strip_shortcode() would delete the most important part of the post.

I am curious where the source for the posts are gathered by Jetpack to make the emails. I tried modifying the RSS feed, but that does not seem to be the source.

Jen
Owner

Also reported here: 2076027-t

Richard Archambault
Owner

Also 2094857-t

Jen
Owner

2108180-t

Chase Livingston

2109247-t

Sam Hotchkiss

@moraitis - I like this direction

Since the emails get sent from WordPress.com, not your local server, maybe we add a custom field on the post called rendered_content, where we store the content after do_shortcode has been run on it? (And sync that field to wpcom)

Anybody have any thoughts on this idea? Not sure if it's just crazy talk...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.