Permalink
Browse files

Stop overzealous escaping in order confirmation emails

This stops double quotes being automatically escaped as " and the like.

Fixes #1103
  • Loading branch information...
radar committed Feb 7, 2012
1 parent 723639c commit 5bef37458007e6b004c978d5f71695151491f95f
Showing with 25 additions and 3 deletions.
  1. +3 −3 core/app/views/spree/order_mailer/confirm_email.text.erb
  2. +22 −0 core/spec/mailers/order_mailer_spec.rb
@@ -6,14 +6,14 @@ Please review and retain the following order information for your records.
Order Summary
============================================================
<% @order.line_items.each do |item| %>
-<%=item.variant.sku %> <%=item.variant.product.name%> <%= item.variant.options_text -%> (<%=item.quantity%>) @ <%= number_to_currency item.price %> = <%= number_to_currency(item.price * item.quantity) %>
+ <%= item.variant.sku %> <%= raw(item.variant.product.name) %> <%= raw(item.variant.options_text) -%> (<%=item.quantity%>) @ <%= number_to_currency item.price %> = <%= number_to_currency(item.price * item.quantity) %>
<% end %>
============================================================
Subtotal: <%= number_to_currency @order.item_total %>
<% @order.adjustments.each do |adjustment| %>
-<%= "#{adjustment.label}: #{number_to_currency adjustment.amount}"%>
+ <%= raw(adjustment.label) %> <%= number_to_currency(adjustment.amount) %>
<% end %>
-Order Total: <%= number_to_currency @order.total %>
+Order Total: <%= number_to_currency(@order.total) %>
Thank you for your business.
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'email_spec'
+
+describe Spree::OrderMailer do
+ include EmailSpec::Helpers
+ include EmailSpec::Matchers
+
+ let(:order) do
+ order = stub_model(Spree::Order)
+ product = stub_model(Spree::Product, :name => %Q{The "BEST" product})
+ variant = stub_model(Spree::Variant, :product => product)
+ line_item = stub_model(Spree::LineItem, :variant => variant, :order => order, :quantity => 1, :price => 5)
+ order.stub(:line_items => [line_item])
+ order
+ end
+
+ it "doesn't aggressively escape double quotes in confirmation body" do
+ confirmation_email = Spree::OrderMailer.confirm_email(order)
+ confirmation_email.body.should_not include("&quot;")
+ end
+
+end

0 comments on commit 5bef374

Please sign in to comment.