Markdown Mailables converting markup to ascii codes #55528
Comments
|
Hi there, Does your application export/use custom markdown mail template? If so you need to update all default and named slot from The security fix introduce to prevent malicious script from being injected via user input in markdown email. |
PHP Version8.3.19 Hi @crynobone, We're using a custom markdown email setup with // resources/views/emails/foo.blade.php
@component('mail::message')
@foreach ($array as $item)
<b>{{ __('mail.foo') }}:</b> {{ $item['foo'] }}<br>
<b>{{ __('mail.bar') }}:</b> {{ $item['bar'] }}<br><br>
@endforeach
{{ __('mail.foo') }},<br>
{{ config('app.name') }}
@endcomponentAfter the update, the emails are displaying raw HTML instead of rendering properly. Downgrading to Is this the expected behavior now, and should we replace all |
|
We have the same issue on |
|
Same here, and we didn't catch it before deploying to production. We got a couple of hours of HTML emails not rendered properly. The problem comes from this PR: #54737 This is a breaking change for anyone using a custom markdown email setup. The solution offered by @crynobone works totally fine and should be considered the way to go from |
|
11.44.5 has been released to revert the default. However, when dealing with markdown emails generated with generic user input values such as name, addresses etc, it is best to change the template and enable |
|
@crynobone should this be working out of the box? I’ve updated to 11.44.5 and still have the same issue. Reverting to 11.44.2 resolves the issue for me. |
|
Same here! The patch 5 makes us send escaped html when using |
|
Thanks for the workaround @crynobone |
|
I just tested deeper, I strongly think this issue should be reopened (and we should stop playing around with patches while these are breaking changes for anyone using custom markdown email templates) |
|
@jbajou Hey there, thanks for reporting this issue. We'll need more info and/or code to debug this further. Can you please create a repository with the command below, commit the code that reproduces the issue as one separate commit on the main/master branch and share the repository here? Please make sure that you have the latest version of the Laravel installer in order to run this command. Please also make sure you have both Git & the GitHub CLI tool properly set up. Do not amend and create a separate commit with your custom changes. After you've posted the repository, we'll try to reproduce the issue. Thanks! |
|
@crynobone is there a way to create a bug-report for version 11? |
|
@crynobone |
|
@LTKort Changing |
|
@crynobone was something updated regarding this issue in |
|
I think this pull request fixed it for our use case. |
Laravel Version
11.44.3
PHP Version
8.2
Database Driver & Version
No response
Description
After updating our codebase to use v11.44.3 this morning, we started getting reports of emails being malformed and displaying the raw html code instead of the rendered html code. After some investigating we found that this was caused by something in the v11.44.3 update. We were able to fix by downgrading back to v11.44.2, but that's not a great long-term solution. Here's a couple screenshots showing an example:
Steps To Reproduce
Send a markdown mailable using v11.44.3.
The text was updated successfully, but these errors were encountered: