This repository has been archived by the owner on Nov 28, 2022. It is now read-only.

Fixed sanitization of user invited emails for notification message (#1060) (#1067)

no issue

- Escaped email ids string sent to notification message during blog setup

Credits: Antony Garand
allouis authored and kevinansfield committed Nov 7, 2018
1 parent 40133be commit e5329d5
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion app/controllers/setup/three.js
@@ -1,4 +1,5 @@
import Controller from 'ember-controller';
import Ember from 'ember';
import RSVP from 'rsvp';
import computed, {alias} from 'ember-computed';
import {A as emberA} from 'ember-array/utils';
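Review bot: The new `import Ember from 'ember';` on the second line of this hunk brings in the whole Ember global for a single helper, while every other import here uses a modular package (`ember-controller`, `ember-computed`, `ember-array/utils`). Consider pulling the helper out once near the imports, for example `const {escapeExpression} = Ember.Handlebars.Utils;`, so the call site reads as a named escape function and the dependency on the global is visible in one place.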
Expand Down Expand Up @@ -200,7 +201,7 @@ export default Controller.extend({
if (erroredEmails.length > 0) {
invitationsString = erroredEmails.length > 1 ? ' invitations: ' : ' invitation: ';
message = `Failed to send ${erroredEmails.length} ${invitationsString}`;
message += erroredEmails.join(', ');
message += Ember.Handlebars.Utils.escapeExpression(erroredEmails.join(', '));
message += ". Please check your email configuration, see <a href=\'https://docs.ghost.org/v0.11.9/docs/mail-config\' target=\'_blank\'>https://docs.ghost.org/v0.11.9/docs/mail-config</a> for instructions";

message = htmlSafe(message);
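Review bot: `htmlSafe(message)` at the end of this hunk still marks the whole concatenated string as trusted markup, so the fix holds only as long as every value appended to `message` is escaped first, and nothing in the code says so. Add a comment above the `escapeExpression` line stating that `erroredEmails` is user-supplied and must be escaped because the result is passed to `htmlSafe`. The commit changes only this one file, so a regression test that invites an address containing markup and checks the rendered notification would keep the escaping from being dropped in a later edit.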