Auto-escape only the HTML part

vintasoftware / django-templated-email

Django module to easily send templated emails using django templates, or using a transactional mail provider (mailchimp, silverpop, etc.)

MIT License

711 stars 130 forks source link

Auto-escape only the HTML part #120

Closed bblanchon closed 3 years ago

bblanchon commented 4 years ago

This PR enables auto-escaping on the HTML part but not on the plain text and subject parts. It fixes #108, fixes #109, and closes #111 with a simpler alternative that doesn't rely on html.parser.

It relies on https://github.com/clokep/django-render-block/pull/21, that's why I bumped the requirement to django-render-block==0.8.

coveralls commented 4 years ago

Coverage decreased (-96.8%) to 0.0% when pulling ce1af7b4d3e77f8a241cccc367e174d434651183 on bblanchon:autoescape-only-html into cba05a7b0f355acdc18174acd1ae468ad77e023d on vintasoftware:develop.

adevore commented 3 years ago

The tests are failing on several version compatibility issues. Basically, the older Django versions are breaking version compatibility checks that are improperly left as ">=" dependencies. Perhaps it's time to drop support for versions that are mostly now well into EOL? Alternatively, pin the attrs version and separate out tox-requirements.txt and requirements.txt?

fjsj commented 3 years ago

@tuliolages please review, update to main, and fix any tests if necessary. It would be good as well to have a test that assert the escaping is being made.

tuliolages commented 3 years ago

For now I'll close this one in preference of #129 which updates your branch and add some tests. Thanks for the PR and sorry we couldn't review it before.