From e06a4db5cccbe77ccf022e2f7907d0456db2de6b Mon Sep 17 00:00:00 2001 From: boris324 Date: Wed, 4 Mar 2026 21:00:42 +0000 Subject: [PATCH] Fix double HTML encoding in emergency access emails Emergency access email methods call SanitizeForEmail() with default htmlEncode=true, which HTML-encodes special characters. Handlebars {{Name}} then encodes again, causing names like "Windmuller" to appear as "Windmüller". Other mail methods already correctly pass htmlEncode: false. Apply the same pattern to all 7 emergency access email methods. Resolves #4845 --- src/Core/Platform/Mail/HandlebarsMailService.cs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Core/Platform/Mail/HandlebarsMailService.cs b/src/Core/Platform/Mail/HandlebarsMailService.cs index f1be34d037..5fa82c145f 100644 --- a/src/Core/Platform/Mail/HandlebarsMailService.cs +++ b/src/Core/Platform/Mail/HandlebarsMailService.cs @@ -1187,7 +1187,7 @@ public class HandlebarsMailService : IMailService var message = CreateDefaultMessage($"Emergency Access Contact Invite", emergencyAccess.Email); var model = new EmergencyAccessInvitedViewModel { - Name = CoreHelpers.SanitizeForEmail(name), + Name = CoreHelpers.SanitizeForEmail(name, false), Email = WebUtility.UrlEncode(emergencyAccess.Email), Id = emergencyAccess.Id.ToString(), Token = WebUtility.UrlEncode(token), @@ -1218,7 +1218,7 @@ public class HandlebarsMailService : IMailService var message = CreateDefaultMessage($"You Have Been Confirmed as Emergency Access Contact", email); var model = new EmergencyAccessConfirmedViewModel { - Name = CoreHelpers.SanitizeForEmail(grantorName), + Name = CoreHelpers.SanitizeForEmail(grantorName, false), WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash, SiteName = _globalSettings.SiteName }; @@ -1235,7 +1235,7 @@ public class HandlebarsMailService : IMailService var model = new EmergencyAccessRecoveryViewModel { - Name = CoreHelpers.SanitizeForEmail(initiatingName), + Name = CoreHelpers.SanitizeForEmail(initiatingName, false), Action = emergencyAccess.Type.ToString(), DaysLeft = emergencyAccess.WaitTimeDays - Convert.ToInt32((remainingTime).TotalDays), }; @@ -1249,7 +1249,7 @@ public class HandlebarsMailService : IMailService var message = CreateDefaultMessage("Emergency Access Approved", email); var model = new EmergencyAccessApprovedViewModel { - Name = CoreHelpers.SanitizeForEmail(approvingName), + Name = CoreHelpers.SanitizeForEmail(approvingName, false), }; await AddMessageContentAsync(message, "Auth.EmergencyAccessApproved", model); message.Category = "EmergencyAccessApproved"; @@ -1261,7 +1261,7 @@ public class HandlebarsMailService : IMailService var message = CreateDefaultMessage("Emergency Access Rejected", email); var model = new EmergencyAccessRejectedViewModel { - Name = CoreHelpers.SanitizeForEmail(rejectingName), + Name = CoreHelpers.SanitizeForEmail(rejectingName, false), }; await AddMessageContentAsync(message, "Auth.EmergencyAccessRejected", model); message.Category = "EmergencyAccessRejected"; @@ -1276,7 +1276,7 @@ public class HandlebarsMailService : IMailService var model = new EmergencyAccessRecoveryViewModel { - Name = CoreHelpers.SanitizeForEmail(initiatingName), + Name = CoreHelpers.SanitizeForEmail(initiatingName, false), Action = emergencyAccess.Type.ToString(), DaysLeft = emergencyAccess.WaitTimeDays - Convert.ToInt32((remainingTime).TotalDays), }; @@ -1290,7 +1290,7 @@ public class HandlebarsMailService : IMailService var message = CreateDefaultMessage("Emergency Access Granted", email); var model = new EmergencyAccessRecoveryTimedOutViewModel { - Name = CoreHelpers.SanitizeForEmail(initiatingName), + Name = CoreHelpers.SanitizeForEmail(initiatingName, false), Action = emergencyAccess.Type.ToString(), }; await AddMessageContentAsync(message, "Auth.EmergencyAccessRecoveryTimedOut", model);