Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BUG: Spaces in personalization values breaks links #188

Open
4 tasks
kalbfled opened this issue Dec 19, 2024 · 0 comments
Open
4 tasks

BUG: Spaces in personalization values breaks links #188

kalbfled opened this issue Dec 19, 2024 · 0 comments

Comments

@kalbfled
Copy link
Member

kalbfled commented Dec 19, 2024

Description

  • Ticket is understood, and QA has been contacted (if the ticket has a QA label).
  • This work is added to the sprint review slide deck (key win bullet point and demo slide)

Templates can have placeholders in links. For example, consider this template body:

To make a payment, please visit [this link](https://www.va.gov/((path))/.

Now consider what happens when the user supplies the personalization path=this is a path. Prior to the changes for #169, this converted to:

<p>To make a payment, please visit <a href="https://www.va.gov/this is a path/">this link</a>.</p>

That is syntactically correct HTML, and it renders as expected in an e-mail client. However, the link is invalid, and the recipient will be met with a 404 upon clicking the link.

After the changes for #169, the same input converts to:

<p>To make a payment, please visit [this link]<a href="https://www.va.gov/this">https://www.va.gov/this</a> is a path/.</p>

Visually, this is obviously wrong, but the link is broken in both cases. The root cause might be that the newer version of Mistune parses URLs slightly differently. The difference in parsing seems to be upstream of customizations made in Utils.

Steps to Reproduce

  1. In the portal or via Postman, send yourself an e-mail message using the template "QA All The Formatting," and observe the broken links. Alternatively, just look here.

We are alerting users about this problem and asking them to ensure any customizations they insert into URLs are properly escaped. This should include the URL path and also parameters (i.e. ?v1=1&v2=2).

Impact/Urgency

This was already broken, so the impact and urgency should be low.

Expected Behavior

  • Spaces in URL paths and parameters are properly escaped and do not brink lines. The HTML is as expected.

The fix is probably to preprocess the input and replace spaces in URLs with proper escape characters.

QA Considerations

  • Exercise the edge cases

Additional Info & Resources

Relevant RFC. Spaces are permitted but should utilize % encoding.

insert action link is an example of a preprocessing function. Note how that is used in template.py.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants