diff --git a/lib/tools.js b/lib/tools.js index 4fc8b3964..edd43296c 100644 --- a/lib/tools.js +++ b/lib/tools.js @@ -6,6 +6,7 @@ let Isemail = require('isemail'); let urllib = require('url'); let juice = require('juice'); let jsdom = require('jsdom'); +let he = require('he'); let _ = require('./translate')._; let util = require('util'); @@ -169,7 +170,7 @@ function getMessageLinks(serviceUrl, campaign, list, subscription) { }; } -function formatMessage(serviceUrl, campaign, list, subscription, message, filter) { +function formatMessage(serviceUrl, campaign, list, subscription, message, filter, isHTML) { filter = typeof filter === 'function' ? filter : (str => str); let links = getMessageLinks(serviceUrl, campaign, list, subscription); @@ -180,7 +181,9 @@ function formatMessage(serviceUrl, campaign, list, subscription, message, filter return links[key]; } if (subscription.mergeTags.hasOwnProperty(key)) { - return subscription.mergeTags[key]; + return isHTML ? he.encode(subscription.mergeTags[key], { + useNamedReferences: true + }) : subscription.mergeTags[key]; } return false; }; diff --git a/package.json b/package.json index dab0933f2..b6db168bd 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ }, "dependencies": { "async": "^2.1.5", - "aws-sdk": "^2.24.0", + "aws-sdk": "^2.28.0", "bcrypt-nodejs": "0.0.3", "body-parser": "^1.17.1", "bounce-handler": "^7.3.2-fork.2", @@ -64,7 +64,7 @@ "is-url": "^1.2.2", "isemail": "^2.2.1", "jquery-file-upload-middleware": "^0.1.8", - "jsdom": "^9.11.0", + "jsdom": "^9.12.0", "juice": "^4.0.2", "libmime": "^3.1.0", "marked": "^0.3.6", @@ -75,22 +75,22 @@ "multer": "^1.3.0", "multiparty": "^4.1.3", "mysql": "^2.13.0", - "node-gettext": "^2.0.0-rc.0", + "node-gettext": "^2.0.0-rc.1", "node-mocks-http": "^1.6.1", - "nodemailer": "^3.1.5", + "nodemailer": "^3.1.7", "nodemailer-openpgp": "^1.0.2", "npmlog": "^4.0.2", - "openpgp": "^2.4.0", + "openpgp": "^2.5.1", "passport": "^0.3.2", "passport-local": "^1.0.0", "premailer-api": "^1.0.4", "redfour": "^1.0.0", - "redis": "^2.6.5", - "request": "^2.80.0", + "redis": "^2.7.1", + "request": "^2.81.0", "serve-favicon": "^2.4.1", "shortid": "^2.2.8", "slugify": "^1.1.0", - "smtp-server": "^2.0.2", + "smtp-server": "^2.0.3", "striptags": "^3.0.1", "toml": "^2.3.2" } diff --git a/routes/archive.js b/routes/archive.js index df3843796..bd005db17 100644 --- a/routes/archive.js +++ b/routes/archive.js @@ -67,7 +67,7 @@ router.get('/:campaign/:list/:subscription', passport.csrfProtection, (req, res, let render = (view, layout) => { res.render(view, { layout, - message: renderTags ? tools.formatMessage(serviceUrl, campaign, list, subscription, html) : html, + message: renderTags ? tools.formatMessage(serviceUrl, campaign, list, subscription, html, false, true) : html, campaign, list, subscription, @@ -80,6 +80,9 @@ router.get('/:campaign/:list/:subscription', passport.csrfProtection, (req, res, res.render('partials/tracking-scripts', { layout: 'archive/layout-raw' }, (err, scripts) => { + if (err) { + return next(err); + } html = scripts ? html.replace(/<\/body\b/i, match => scripts + match) : html; render('archive/view-raw', 'archive/layout-raw'); }); diff --git a/services/sender.js b/services/sender.js index a76dafa40..400168bba 100644 --- a/services/sender.js +++ b/services/sender.js @@ -371,7 +371,7 @@ function formatMessage(message, callback) { let campaignAddress = [campaign.cid, list.cid, message.subscription.cid].join('.'); - let renderedHtml = renderTags ? tools.formatMessage(configItems.serviceUrl, campaign, list, message.subscription, html) : html; + let renderedHtml = renderTags ? tools.formatMessage(configItems.serviceUrl, campaign, list, message.subscription, html, false, true) : html; let renderedText = (text || '').trim() ? (renderTags ? tools.formatMessage(configItems.serviceUrl, campaign, list, message.subscription, text) : text) : htmlToText.fromString(renderedHtml, { wordwrap: 130