From f7e0a67095df4f89739a38ff5d288be739d8c238 Mon Sep 17 00:00:00 2001
From: Sangho Na <sangho@nsh.nz>
Date: Thu, 10 Oct 2024 08:49:05 +1300
Subject: [PATCH] fix: turn off automatic escaping in session request templates
 (#8007)

* fix: turn off automatic escaping in session request templates

* test: ensure no unwanted escaping in session request emails

* test: use PersonFactory to create test users

* test: minor refactoring
---
 ietf/secr/sreq/tests.py                       | 56 ++++++++++++++++++-
 .../sreq/session_cancel_notification.txt      |  5 +-
 .../sreq/session_request_notification.txt     |  4 +-
 3 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/ietf/secr/sreq/tests.py b/ietf/secr/sreq/tests.py
index 7fb13f179..847b993e1 100644
--- a/ietf/secr/sreq/tests.py
+++ b/ietf/secr/sreq/tests.py
@@ -13,9 +13,10 @@ from ietf.group.factories import GroupFactory, RoleFactory
 from ietf.meeting.models import Session, ResourceAssociation, SchedulingEvent, Constraint
 from ietf.meeting.factories import MeetingFactory, SessionFactory
 from ietf.name.models import ConstraintName, TimerangeName
+from ietf.person.factories import PersonFactory
 from ietf.person.models import Person
 from ietf.secr.sreq.forms import SessionForm
-from ietf.utils.mail import outbox, empty_outbox, get_payload_text
+from ietf.utils.mail import outbox, empty_outbox, get_payload_text, send_mail
 from ietf.utils.timezone import date_today
 
 
@@ -78,6 +79,32 @@ class SessionRequestTestCase(TestCase):
         self.assertRedirects(r,reverse('ietf.secr.sreq.views.main'))
         self.assertEqual(SchedulingEvent.objects.filter(session=session).order_by('-id')[0].status_id, 'deleted')
 
+    def test_cancel_notification_msg(self):
+        to = "<iesg-secretary@ietf.org>"
+        subject = "Dummy subject"
+        template = "sreq/session_cancel_notification.txt"
+        meeting = MeetingFactory(type_id="ietf", date=date_today())
+        requester = PersonFactory(name="James O'Rourke", user__username="jimorourke")
+        context = {"meeting": meeting, "requester": requester}
+        cc = "cc.a@example.com, cc.b@example.com"
+        bcc = "bcc@example.com"
+
+        msg = send_mail(
+            None,
+            to,
+            None,
+            subject,
+            template,
+            context,
+            cc=cc,
+            bcc=bcc,
+        )
+        self.assertEqual(requester.name, "James O'Rourke")  # note ' (single quote) in the name
+        self.assertIn(
+            f"A request to cancel a meeting session has just been submitted by {requester.name}.",
+            get_payload_text(msg),
+        )
+
     def test_edit(self):
         meeting = MeetingFactory(type_id='ietf', date=date_today())
         mars = RoleFactory(name_id='chair', person__user__username='marschairman', group__acronym='mars').group
@@ -701,6 +728,33 @@ class SubmitRequestCase(TestCase):
         self.assertNotIn('1 Hour, 1 Hour, 1 Hour', notification_payload)
         self.assertNotIn('The third session requires your approval', notification_payload)
 
+    def test_request_notification_msg(self):
+        to = "<iesg-secretary@ietf.org>"
+        subject = "Dummy subject"
+        template = "sreq/session_request_notification.txt"
+        header = "A new"
+        meeting = MeetingFactory(type_id="ietf", date=date_today())
+        requester = PersonFactory(name="James O'Rourke", user__username="jimorourke")
+        context = {"header": header, "meeting": meeting, "requester": requester}
+        cc = "cc.a@example.com, cc.b@example.com"
+        bcc = "bcc@example.com"
+
+        msg = send_mail(
+            None,
+            to,
+            None,
+            subject,
+            template,
+            context,
+            cc=cc,
+            bcc=bcc,
+        )
+        self.assertEqual(requester.name, "James O'Rourke")  # note ' (single quote) in the name
+        self.assertIn(
+            f"{header} meeting session request has just been submitted by {requester.name}.",
+            get_payload_text(msg),
+        )
+
     def test_request_notification_third_session(self):
         meeting = MeetingFactory(type_id='ietf', date=date_today())
         ad = Person.objects.get(user__username='ad')
diff --git a/ietf/secr/templates/sreq/session_cancel_notification.txt b/ietf/secr/templates/sreq/session_cancel_notification.txt
index 3e6dd43f6..8aee6c89d 100644
--- a/ietf/secr/templates/sreq/session_cancel_notification.txt
+++ b/ietf/secr/templates/sreq/session_cancel_notification.txt
@@ -1,4 +1,3 @@
-{% load ams_filters %}
-
-A request to cancel a meeting session has just been submitted by {{ requester }}.
+{% autoescape off %}{% load ams_filters %}
 
+A request to cancel a meeting session has just been submitted by {{ requester }}.{% endautoescape %}
diff --git a/ietf/secr/templates/sreq/session_request_notification.txt b/ietf/secr/templates/sreq/session_request_notification.txt
index a41f20244..75f2cbbae 100644
--- a/ietf/secr/templates/sreq/session_request_notification.txt
+++ b/ietf/secr/templates/sreq/session_request_notification.txt
@@ -1,5 +1,5 @@
-{% load ams_filters %}
+{% autoescape off %}{% load ams_filters %}
 
 {% filter wordwrap:78 %}{{ header }} meeting session request has just been submitted by {{ requester }}.{% endfilter %}
 
-{% include "includes/session_info.txt" %}
+{% include "includes/session_info.txt" %}{% endautoescape %}