Fixed sanitization of user invited emails for notification message (#1060) (1.x backport)
no issue - Escaped email ids string sent to notification message during blog setup Credits: Antony Garand
This commit is contained in:
parent
512d6d8262
commit
81bf6a1f44
|
@ -1,6 +1,7 @@
|
|||
/* eslint-disable ghost/ember/alias-model-in-controller */
|
||||
import Controller, {inject as controller} from '@ember/controller';
|
||||
import DS from 'ember-data';
|
||||
import Ember from 'ember';
|
||||
import RSVP from 'rsvp';
|
||||
import validator from 'npm:validator';
|
||||
import {alias} from '@ember/object/computed';
|
||||
|
@ -228,7 +229,7 @@ export default Controller.extend({
|
|||
if (erroredEmails.length > 0) {
|
||||
invitationsString = erroredEmails.length > 1 ? ' invitations: ' : ' invitation: ';
|
||||
message = `Failed to send ${erroredEmails.length} ${invitationsString}`;
|
||||
message += erroredEmails.join(', ');
|
||||
message += Ember.Handlebars.Utils.escapeExpression(erroredEmails.join(', '));
|
||||
message += '. Please check your email configuration, see <a href=\'https://docs.ghost.org/v1.0.0/docs/mail-config\' target=\'_blank\'>https://docs.ghost.org/v1.0.0/docs/mail-config</a> for instructions';
|
||||
|
||||
message = htmlSafe(message);
|
||||
|
|
Loading…
Reference in New Issue