Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No (useful) content in mail, if there are shortcodes #139

Open
Erenor opened this issue Mar 9, 2018 · 7 comments
Open

No (useful) content in mail, if there are shortcodes #139

Erenor opened this issue Mar 9, 2018 · 7 comments

Comments

@Erenor
Copy link

Erenor commented Mar 9, 2018
edited
Loading

When using this plugin (version 3.8.1) together with others like BP Activity Plus, the mails users receive contain the exact activity's content, for example:

[bpfb_images] 1_0-48931900-1520595052_big-kudu-1.jpg [/bpfb_images]

This, of course, gives no idea about the Activity contents. A solution would be to use the function do_shortcode() to "evaluate" content before using it in mails, to give users a preview of the Activity.
@Erenor Erenor changed the title No content in mail, if there are shortcodes No (useful) content in mail, if there are shortcodes Mar 9, 2018
@Erenor Erenor closed this as completed Mar 9, 2018
@Erenor Erenor reopened this Mar 9, 2018
@boonebgorges
Copy link
Owner

Thanks for the report.

It feels to me like blanket evaluation of all shortcodes is probably not a great idea. Many shortcodes are used to embed iframes or other interactive content that won't work in various ways in emails.

Does it seem reasonable to have a filter that would allow site owners to toggle the processing of shortcodes? Or maybe we can have a whitelist of shortcodes that are processed by default, with a filter to allow more? (Not sure off the top of my head whether the latter is technically easy to do.) @r-a-y Do you have thoughts about an approach?

@Erenor
Copy link
Author

Erenor commented Mar 13, 2018

The latter (whitelist of shortcodes) would involve a bit of work when managing the content string.

I do like the idea of a flag in BPGES' settings to allow site owners activate/deactivate the parsing of the content. Of course, this should be an "on/off" option, to avoid too many computation with the shortcodes whitelist (regex and so on).
As you said, I got some issues with the "video" upload in BPAP plugin, when the mail application tries to render the iframe and the Javascript code, but I feel it is a "minor" issue when compared to the "blank" output it currently provides.

@r-a-y
Copy link
Collaborator

r-a-y commented Mar 13, 2018

Does it seem reasonable to have a filter that would allow site owners to toggle the processing of shortcodes? Or maybe we can have a whitelist of shortcodes that are processed by default, with a filter to allow more? (Not sure off the top of my head whether the latter is technically easy to do.) @r-a-y Do you have thoughts about an approach?

We could enable do_shortcode() to run, and then we could apply our own version of KSES that will run afterwards so it would strip stuff like <iframe> tags.

I guess we'd need to decide what tags are supported. A good elements list to look at would be bbPress' KSES filter:
https://bbpress.trac.wordpress.org/browser/tags/2.5.14/includes/common/formatting.php#L15

We'd also need to test how images would look in the default BP email template. I'm not sure how responsive the template is.

@boonebgorges
Copy link
Owner

We could enable do_shortcode() to run, and then we could apply our own version of KSES that will run afterwards so it would strip stuff like <iframe> tags.

This seems really complicated. I found a couple guides around the web that give lists of HTML tags and CSS properties that are "universally" supported by clients. But even this is probably not enough to do the necessary parsing. For example, <img> tags work in general, but they won't work if the src is relative rather than absolute. Another example: HTML that depends on enqueued scripts or styles to work/look good will not work in email. So I think that the parsing would have to be on a per-shortcode basis, rather than per-tag. And then we could probably enable some built-in shortcodes that we are pretty confident will work (like maybe WP's caption or some shortcodes from common plugins like bbPress and BPAP), and put a filter in place for site owners to add more.

@r-a-y
Copy link
Collaborator

r-a-y commented Mar 14, 2018

If we were to go with the per-shortcode approach, we would still need an email KSES regardless.

For example, @Erenor notes that BP Activity Plus has a video upload option that converts their shortcode into an <iframe> element. Obviously, that would not work for email and we would need to strip that. That's where our version of KSES would kick in.

@boonebgorges
Copy link
Owner

Yes, I guess that's good for extra safety. But if shortcode processing is opt-in on a per-shortcode basis, then the onus of verifying that the shortcode output is email-compatible is on the person who's adding the shortcode to the whitelist. So the BPAP video shortcode should not be added.

@r-a-y
Copy link
Collaborator

r-a-y commented Mar 14, 2018

I was under the impression that BP Activity Plus had only one shortcode, but if it uses two different shortcodes for images and video, then sure.

I still think limiting the shortcodes doesn't make much sense because if you implement a few shortcodes and KSES, you're basically halfway there. Why not just remove the shortcode restriction?

Parsing just individual shortcodes would also be additional work for us as WordPress doesn't have a function to run just individual shortcodes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@boonebgorges @r-a-y @Erenor