Strange and arguably wrong escaping of special characters in links outside of href attributes

3 years ago

josef.sabl
Backer | 152
+
0
-

Our problem is as follows. We send typical reset password e-mails using latte. And as anchors are removed in plain-text emails, our markup looks like this

<a n:href='Sign:resetPassword, email="john.doe@gmail.com"'>reset password</a>

<p>
    Link not working?
    {link Sign:resetPassword, email="john.doe@gmail.com"}
</p>

Which generates this:

<a href='https://www.app.cz/reset-password?email=john.doe%40gmail.com'>reset password</a>

<p>
    Link not working?
    https://www.app.cz/reset-password?email=john.doe%40gmail.com
</p>

Looks good? No!

As the second instance of link is NOT an URL now but plain HTML, the at sign (@) should not be escaped. @ is just @ in HTML.

It works in most e-mail clients but not in all apparently as we see many “user john.doe%40gmail.com does not exist” errors in our log.

Is there some way to fix this? Noescape filter doesn't work (also I still want to escape ampersands correctly). Look like but to me.

PS: Hash protection has been omitted for clarity ;-)

https://github.com/…te/issues/91

Last edited by josef.sabl (2015-11-25 14:34)