Open msymons opened 5 years ago
The system does not have control over how vulnerability intelligence providers encode their data. The most common is a combination of Markdown and HTML entity encoding. Therefore Markdown decoding and HTML entity decoding may be required.
For Markdown, use of https://github.com/atlassian/commonmark-java (TextContentRenderer) may be required.
Double decoding of large text fields will have a performance impact.
Issue Type:
Current Behavior:
Dependency-Track v3.4.1 email alerts (which use Template Mimetype "text/plain") are not encoding/decoding correctly... when the advisory (as viewed in DT UI) displays a single quote, the email alert from DT has '. This makes emails rather hard to read, as can be seen here:
The screenshot does also illustrate a couple of other issues:
Steps to Reproduce (if defect):
I have seen the ' issue affecting alerts relating to multiple npm components, e.g.
I have not yet seen the issue for Maven components... but the explanation is because I've only just enabled both alerts and npm analysis (following upgrade to DT v3.4.1) and no Maven alerts have yet been generated!
Anyway, for npm.
Expected Behavior:
Email alerts should decode encoded characters correctly.
Environment:
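One way to do the decoding described at the top of this issue, as an added example that is not Dependency-Track code: advisory text is rendered from Markdown to plain text with commonmark-java's TextContentRenderer, leftover HTML entities are decoded in a bounded number of passes, and the result is re-escaped for any template that is not text/plain. It assumes commonmark-java and Apache Commons Text are on the classpath; the class name `AlertTextDecoder`, its method names, the pass limit and the sample advisory string are all hypothetical.

```java
import org.apache.commons.text.StringEscapeUtils;
import org.commonmark.node.Node;
import org.commonmark.parser.Parser;
import org.commonmark.renderer.text.TextContentRenderer;

/** Hypothetical helper for notification templates; not part of Dependency-Track. */
public final class AlertTextDecoder {
    // Both objects are built once and reused for every alert.
    private static final Parser PARSER = Parser.builder().build();
    private static final TextContentRenderer RENDERER = TextContentRenderer.builder().build();
    // Assumed limit: providers may double-encode (&amp;#39;), so allow two extra passes at most.
    private static final int MAX_ENTITY_PASSES = 2;

    private AlertTextDecoder() { }

    /** Returns advisory text that is safe to place in a template of the given MIME type. */
    public static String forTemplate(String advisoryText, String mimeType) {
        if (advisoryText == null || advisoryText.isEmpty()) {
            return "";
        }
        String plain = toPlainText(advisoryText);
        if ("text/plain".equalsIgnoreCase(mimeType)) {
            return plain; // a plain-text mail shows the characters literally
        }
        // Any other template type gets the decoded text escaped again, so
        // decoded angle brackets and quotes never reach an HTML body as markup.
        return StringEscapeUtils.escapeHtml4(plain);
    }

    static String toPlainText(String text) {
        // CommonMark parsing resolves entity references in ordinary text
        // (not in code spans) and drops emphasis markers and similar syntax.
        Node document = PARSER.parse(text);
        String out = RENDERER.render(document);
        // Skip the extra passes when no '&' is left; stop as soon as a pass changes nothing.
        for (int i = 0; i < MAX_ENTITY_PASSES && out.indexOf('&') >= 0; i++) {
            String decoded = StringEscapeUtils.unescapeHtml4(out);
            if (decoded.equals(out)) {
                break;
            }
            out = decoded;
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: one single-encoded and one double-encoded apostrophe.
        String sample = "Versions of `foo` don&#39;t validate input; it&amp;#39;s **exploitable**.";
        System.out.println(forTemplate(sample, "text/plain"));
        System.out.println(forTemplate(sample, "text/html"));
    }
}
```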