changedetection.io icon indicating copy to clipboard operation
changedetection.io copied to clipboard
Published 2 months ago verified publisher icon dgtlmoon

Issue with "<" character in HTML Notifications not escaped

Open 8rror404 opened this issue 1 year ago • 7 comments

Describe the bug

It appears the < character is not escaped in HTML notifications. The < character does not show and causes problems after it.

Version v0.48.05

How did you install?

Docker

To Reproduce

Steps to reproduce the behavior:

  1. Set notification to HTMLcolor and set an email notification
  2. Set notification body to {{diff_full}}
  3. changes on https://changedetection.io/CHANGELOG.txt do not show the < character and truncate after it.

on the notification:

0.47.00 The line "Visual Selector - Including <button> (#2686)" becomes - "Visual Selector - Including (#2686)"

0.46.00 The notification is truncated after - UI - Extract it cannot cope with <title> No further lines are included in the notification.

Expected behavior The notification body should show the whole {{diff_full}}

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information): Email application: Outlook Email account: gmail

8rror404 avatar Dec 27 '24 14:12 8rror404

wow thanks for this, can you test if its the same with HTML format and HTML color format?

dgtlmoon avatar Dec 27 '24 20:12 dgtlmoon

Hi I have just tested with HTML as requested. The result is the same.

Looking at the HTML source of the notification email, in the example given, the whole of CHANGELOG.txt is contained in the email, but Outlook renders the code. Copy/pasting the HTML from the notification email into chrome/firefox highlights the problem.

This may only be a problem where the web page contains a .txt file and {{diff_full}} converts to HTML?

8rror404 avatar Dec 27 '24 20:12 8rror404

I have further tested Markdown format with the same result. Where the web page is a .txt file, it appears that only Text format notifications display correctly in the notification email.

8rror404 avatar Dec 28 '24 15:12 8rror404

Ok hmm

I have further tested Markdown format with the same result.

I'm not sure what todo about the markdown format, whats the expectation here, that cdio will convert the markdown to HTML, and then send the diff?

dgtlmoon avatar Jan 09 '25 21:01 dgtlmoon

I'm not sure what todo about the markdown format, whats the expectation here, that cdio will convert the markdown to HTML, and then send the diff?

Many thanks for the work done on HTML format notifications. I don't really have any expectations regarding Markdown format, I am not using it at all, and the issue has not come up before.

It was only the change to HTML Color which is perfect for my needs (and now the default format) that was causing real life problems.

8rror404 avatar Jan 09 '25 22:01 8rror404

hmmm but this would break the situation where someone has HTML in their notification body

for example they have some custom HTML

{{diff_full}}

{{some json value}}

..

dgtlmoon avatar Jan 29 '25 08:01 dgtlmoon

I don't know if this helps. but I think the problem only occurs when the watch page is a .txt file, such as https://changedetection.io/CHANGELOG.txt

Rather than escape all the html in the whole notification, can you just escape the characters needed within the portion of the notification that is the actually the .txt file?

8rror404 avatar Jan 29 '25 11:01 8rror404

fixed

dgtlmoon avatar Oct 02 '25 23:10 dgtlmoon