Ensure links in notifications footer are not escaped

Signed-off-by: Rémy Coutable <remy@rymai.me>
2018-08-03 11:50:47 +02:00 · 2018-08-03 11:50:47 +02:00 · c0c9e5dd6f
parent 9db5245153
commit c0c9e5dd6f
3 changed files with 10 additions and 1 deletions
--- a/app/views/layouts/notify.html.haml
+++ b/app/views/layouts/notify.html.haml
@ -14,7 +14,7 @@
        %br
        - if @target_url
          - if @reply_by_email
-            = _('Reply to this email directly or %{view_it_on_gitlab}.') % { view_it_on_gitlab: link_to(_("view it on GitLab"), @target_url) }
+            = _('Reply to this email directly or %{view_it_on_gitlab}.').html_safe % { view_it_on_gitlab: link_to(_("view it on GitLab"), @target_url) }
          - else
            #{link_to _("View it on GitLab"), @target_url}.
          %br
--- a/changelogs/unreleased/49899-merge-request-e-mail-link-has-full-url.yml
+++ b/changelogs/unreleased/49899-merge-request-e-mail-link-has-full-url.yml
@ -0,0 +1,5 @@
+---
+title: Ensure links in notifications footer are not escaped
+merge_request: 21000
+author:
+type: fixed
--- a/spec/support/shared_examples/notify_shared_examples.rb
+++ b/spec/support/shared_examples/notify_shared_examples.rb
@ -87,6 +87,10 @@ shared_examples 'an email starting a new thread with reply-by-email enabled' do
  include_examples 'an email with X-GitLab headers containing project details'
  include_examples 'a new thread email with reply-by-email enabled'

+  it 'includes "Reply to this email directly or <View it on GitLab>"' do
+    expect(subject.default_part.body).to include(%(Reply to this email directly or <a href="#{Gitlab::UrlBuilder.build(model)}">view it on GitLab</a>.))
+  end
+
  context 'when reply-by-email is enabled with incoming address with %{key}' do
    it 'has a Reply-To header' do
      is_expected.to have_header 'Reply-To', /<reply+(.*)@#{Gitlab.config.gitlab.host}>\Z/