Commit Graph

5 Commits

Author SHA1 Message Date
Mike Dalessio 0c10622672 Fix double-escaped HTML entities in webhook payloads
`Event::Description#to_plain_text` now returns an html-safe string to
prevent double-escaping when the ERB template renders the basecamp
and campfire payloads.

ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9574495379
2026-02-13 03:25:59 -05:00
Mike Dalessio 4ead778e12 Backfill tests for Event::Description strings' html-safety 2026-02-12 15:52:56 -05:00
Stanko K.R. 0df667f4fb Fix HTML injection in webhooks through card titles 2025-12-22 12:20:32 +01:00
Jorge Manrubia 676c2a42fe Always use the creator name for the plain text form
You does not make sense for webhooks
2025-11-06 14:16:01 +01:00
Jorge Manrubia 82adcecfb1 Add some sanity tests for event descriptions 2025-11-06 11:05:42 +01:00