diff --git a/app/views/submitter_mailer/_custom_content.html.erb b/app/views/submitter_mailer/_custom_content.html.erb
index 8360cc46..275ec3e4 100644
--- a/app/views/submitter_mailer/_custom_content.html.erb
+++ b/app/views/submitter_mailer/_custom_content.html.erb
@@ -1 +1 @@
-<%= auto_link(simple_format(h(local_assigns[:content]))) %>
+<%= auto_link(simple_format(h(ReplaceEmailVariables.call(local_assigns[:content], submitter: local_assigns[:submitter], sig: local_assigns[:sig])))) %>
diff --git a/app/views/submitter_mailer/completed_email.html.erb b/app/views/submitter_mailer/completed_email.html.erb
index 1871e8d6..00dacf26 100644
--- a/app/views/submitter_mailer/completed_email.html.erb
+++ b/app/views/submitter_mailer/completed_email.html.erb
@@ -1,5 +1,5 @@
 <% if @email_config %>
- <%= render 'custom_content', content: ReplaceEmailVariables.call(@email_config.value['body'], submitter: @submitter) %>
+ <%= render 'custom_content', content: @email_config.value['body'], submitter: @submitter %>
 <% else %>
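Review bot: In `_custom_content.html.erb` the partial now reads `local_assigns[:submitter]`, which is nil for any caller that renders it without `submitter:`, and the substitution blocks in `ReplaceEmailVariables.call` would then raise on nil as soon as the content contains a variable. The three mailer views changed in this commit pass it, but callers outside this diff are not visible here; `local_assigns.fetch(:submitter)` would make the requirement explicit and fail at render time instead of depending on the content. The line also deserves an ERB comment such as `<%# h() must stay outermost: call() runs with html_escape: false, so substituted names and emails are escaped only here %>`, since the escaping of every substituted value now rests on that outer `h(...)`.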
Hi there,
"<%= @submitter.submission.template.name %>" form has been completed by <%= @submitter.submission.submitters.order(:completed_at).map { |e| e.name || e.email || e.phone }.join(', ') %>.
diff --git a/app/views/submitter_mailer/documents_copy_email.html.erb b/app/views/submitter_mailer/documents_copy_email.html.erb
index aeef4de8..b0ede421 100644
--- a/app/views/submitter_mailer/documents_copy_email.html.erb
+++ b/app/views/submitter_mailer/documents_copy_email.html.erb
@@ -1,5 +1,5 @@
 <% if @email_config %>
- <%= render 'custom_content', content: ReplaceEmailVariables.call(@email_config.value['body'], submitter: @submitter, sig: @sig) %>
+ <%= render 'custom_content', content: @email_config.value['body'], submitter: @submitter, sig: @sig %>
 <% else %>Hi there,
Please check the copy of your "<%= @submitter.submission.template.name %>" submission in the email attachments.
diff --git a/app/views/submitter_mailer/invitation_email.html.erb b/app/views/submitter_mailer/invitation_email.html.erb
index f26fba32..98f71906 100644
--- a/app/views/submitter_mailer/invitation_email.html.erb
+++ b/app/views/submitter_mailer/invitation_email.html.erb
@@ -1,6 +1,6 @@
 <% if @email_config || @body.present? %>
 <% body = (@body.presence || @email_config.value['body']).to_s %>
- <%= render 'custom_content', content: ReplaceEmailVariables.call(body, submitter: @submitter) %>
+ <%= render 'custom_content', content: body, submitter: @submitter %>
 <% if !body.include?(ReplaceEmailVariables::SUBMITTER_LINK) && !body.include?(ReplaceEmailVariables::SUBMITTER_ID) && !body.include?(ReplaceEmailVariables::SUBMISSION_LINK) && !body.include?(ReplaceEmailVariables::TEMPLATE_ID) && !@submitter.submission.source.in?(%w[api embed]) %><%= link_to nil, submit_form_url(slug: @submitter.slug, t: SubmissionEvents.build_tracking_param(@submitter, 'click_email')) %>
<% end %>
diff --git a/lib/replace_email_variables.rb b/lib/replace_email_variables.rb
index ee0148db..0d158887 100644
--- a/lib/replace_email_variables.rb
+++ b/lib/replace_email_variables.rb
@@ -20,25 +20,25 @@ module ReplaceEmailVariables
 module_function
 # rubocop:disable Metrics
- def call(text, submitter:, tracking_event_type: 'click_email', sig: nil)
- text = text.gsub(TEMPLATE_NAME) { submitter.template.name }
- text = text.gsub(TEMPLATE_ID) { submitter.template.id }
- text = text.gsub(SUBMITTER_ID) { submitter.id }
- text = text.gsub(SUBMITTER_SLUG) { submitter.slug }
- text = text.gsub(SUBMISSION_ID) { submitter.submission.id }
- text = text.gsub(SUBMITTER_EMAIL) { submitter.email }
- text = text.gsub(SUBMITTER_NAME) { submitter.name || submitter.email || submitter.phone }
- text = text.gsub(SUBMITTER_LINK) { build_submitter_link(submitter, tracking_event_type) }
- text = text.gsub(SUBMISSION_LINK) do
+ def call(text, submitter:, tracking_event_type: 'click_email', html_escape: false, sig: nil)
+ text = replace(text, TEMPLATE_NAME, html_escape:) { submitter.template.name }
+ text = replace(text, TEMPLATE_ID, html_escape:) { submitter.template.id }
+ text = replace(text, SUBMITTER_ID, html_escape:) { submitter.id }
+ text = replace(text, SUBMITTER_SLUG, html_escape:) { submitter.slug }
+ text = replace(text, SUBMISSION_ID, html_escape:) { submitter.submission.id }
+ text = replace(text, SUBMITTER_EMAIL, html_escape:) { submitter.email }
+ text = replace(text, SUBMITTER_NAME, html_escape:) { submitter.name || submitter.email || submitter.phone }
+ text = replace(text, SUBMITTER_LINK, html_escape:) { build_submitter_link(submitter, tracking_event_type) }
+ text = replace(text, SUBMISSION_LINK, html_escape:) do
 submitter.submission ?
build_submission_link(submitter.submission) : ''
 end
- text = text.gsub(SUBMISSION_SUBMITTERS) { build_submission_submitters(submitter.submission) }
- text = text.gsub(DOCUMENTS_LINKS) { build_documents_links_text(submitter, sig) }
- text = text.gsub(DOCUMENTS_LINK) { build_documents_links_text(submitter, sig) }
- text = text.gsub(ACCOUNT_NAME) { submitter.submission.account.name }
- text = text.gsub(SENDER_NAME) { submitter.submission.created_by_user&.full_name }
+ text = replace(text, SUBMISSION_SUBMITTERS, html_escape:) { build_submission_submitters(submitter.submission) }
+ text = replace(text, DOCUMENTS_LINKS, html_escape:) { build_documents_links_text(submitter, sig) }
+ text = replace(text, DOCUMENTS_LINK, html_escape:) { build_documents_links_text(submitter, sig) }
+ text = replace(text, ACCOUNT_NAME, html_escape:) { submitter.submission.account.name }
+ text = replace(text, SENDER_NAME, html_escape:) { submitter.submission.created_by_user&.full_name }
- text.gsub(SENDER_EMAIL) { submitter.submission.created_by_user&.email.to_s.sub(/\+\w+@/, '@') }
+ replace(text, SENDER_EMAIL, html_escape:) { submitter.submission.created_by_user&.email.to_s.sub(/\+\w+@/, '@') }
 end
 # rubocop:enable Metrics
@@ -48,6 +48,16 @@ module ReplaceEmailVariables
 )
 end
+ def replace(text, var, html_escape: false)
+ text.gsub(var) do
+ if html_escape
+ ERB::Util.html_escape(yield)
+ else
+ yield
+ end
+ end
+ end
+
 def build_submitter_link(submitter, tracking_event_type)
 if tracking_event_type == 'click_email'
 Rails.application.routes.url_helpers.submit_form_url(
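Review bot: Each `replace` call in `call` rescans the text produced by the calls before it, so a value substituted early (template name, submitter name, account name) that itself contains a later variable string is expanded a second time, and the new `html_escape:` option does not address that. Whether those fields can be set by anyone other than the account owner is not visible in this diff, but substituting in a single pass over the original text removes the question. The sketch below assumes the variable constants are plain strings, as the `body.include?` checks in invitation_email.html.erb suggest.

```ruby
def call(text, submitter:, tracking_event_type: 'click_email', html_escape: false, sig: nil)
  values = {
    TEMPLATE_NAME => -> { submitter.template.name },
    # … unchanged: one entry per remaining variable, reusing the blocks passed to replace …
    SENDER_EMAIL => -> { submitter.submission.created_by_user&.email.to_s.sub(/\+\w+@/, '@') }
  }

  # One scan of the original text: substituted values are never searched for variables.
  # Regexp.union tries alternatives in key order; list longer variables first if any
  # variable string is a prefix of another.
  text.gsub(Regexp.union(values.keys)) do |var|
    value = values.fetch(var).call
    html_escape ? ERB::Util.html_escape(value) : value
  end
end
```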
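Review bot: The new `replace` helper has no comment stating its escaping contract: with `html_escape: true` only the yielded value is escaped while `text` is returned as given, and with the default `false` nothing is escaped at all. A caller that treats the result as HTML therefore still has to escape or sanitise the surrounding template text, as `_custom_content.html.erb` does with its outer `h(...)`. I would add above the method `# Replaces var in text with the block's value; html_escape: escapes that value only, never text itself.` The helper is defined after the bare `module_function`, so it presumably becomes callable from outside the module as well; if it is meant to be internal, say so in the same comment.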