
Commit 54e0068

authored
fix: Sanitize email template body with HTMLPurifier (#1105)
1 parent 48e7530 commit 54e0068

2 files changed

Lines changed: 7 additions & 3 deletions


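--- a/backend/app/Services/Application/Handlers/EmailTemplate/CreateEmailTemplateHandler.php
+++ b/backend/app/Services/Application/Handlers/EmailTemplate/CreateEmailTemplateHandler.php
@@ -8,12 +8,14 @@
 use HiEvents\Repository\Interfaces\EmailTemplateRepositoryInterface;
 use HiEvents\Services\Application\Handlers\EmailTemplate\DTO\UpsertEmailTemplateDTO;
 use HiEvents\Services\Domain\Email\EmailTemplateService;
+use HiEvents\Services\Infrastructure\HtmlPurifier\HtmlPurifierService;
 
 class CreateEmailTemplateHandler
 {
 public function __construct(
 private readonly EmailTemplateRepositoryInterface $emailTemplateRepository,
 private readonly EmailTemplateService $emailTemplateService,
+private readonly HtmlPurifierService $purifier,
 )
 {
 }
@@ -50,7 +52,7 @@ public function handle(UpsertEmailTemplateDTO $dto): EmailTemplateDomainObject
 'event_id' => $dto->event_id,
 'template_type' => $dto->template_type->value,
 'subject' => $dto->subject,
-'body' => $dto->body,
+'body' => $this->purifier->purify($dto->body),
 'cta' => $dto->cta,
 'engine' => $dto->engine->value,
 'is_active' => $dto->is_active,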
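Review bot: Only `body` goes through the purifier in the array that `handle()` passes to the repository; `subject` and `cta` are still stored exactly as received, and the same is true of the `updateFromArray` array in UpdateEmailTemplateHandler. If `cta` carries a label or URL that is later placed into the message HTML (not visible here), it needs its own validation, since purifying `body` does not cover it. The purifier also runs on the template source before the engine selected by `engine` renders it, so it is worth confirming that the purifier configuration leaves placeholders intact, particularly inside `href` attributes. A comment above the changed line such as `// Purified at write time only; values interpolated at render time must still be escaped by the engine` would record that assumption. `handle()` starts and ends outside the hunk.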

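--- a/backend/app/Services/Application/Handlers/EmailTemplate/UpdateEmailTemplateHandler.php
+++ b/backend/app/Services/Application/Handlers/EmailTemplate/UpdateEmailTemplateHandler.php
@@ -9,12 +9,14 @@
 use HiEvents\Repository\Interfaces\EmailTemplateRepositoryInterface;
 use HiEvents\Services\Application\Handlers\EmailTemplate\DTO\UpsertEmailTemplateDTO;
 use HiEvents\Services\Domain\Email\EmailTemplateService;
+use HiEvents\Services\Infrastructure\HtmlPurifier\HtmlPurifierService;
 
 class UpdateEmailTemplateHandler
 {
 public function __construct(
 private readonly EmailTemplateRepositoryInterface $emailTemplateRepository,
-private readonly EmailTemplateService $emailTemplateService
+private readonly EmailTemplateService $emailTemplateService,
+private readonly HtmlPurifierService $purifier,
 ) {
 }
 
@@ -47,7 +49,7 @@ public function handle(UpsertEmailTemplateDTO $dto): EmailTemplateDomainObject
 
 return $this->emailTemplateRepository->updateFromArray($template->getId(), [
 'subject' => $dto->subject,
-'body' => $dto->body,
+'body' => $this->purifier->purify($dto->body),
 'cta' => $dto->cta,
 'engine' => $dto->engine->value,
 'is_active' => $dto->is_active,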
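Review bot: Purifying inside `handle()` protects only templates written after this commit; rows saved earlier keep their unsanitized `body` until someone edits them, and nothing in the two changed files purifies at render or send time. A one-off backfill of existing templates, or a second purifier pass where the body is rendered, would close that gap. Until then a comment on the changed line would help, for example `// NOTE: templates stored before this change are not purified; sanitize again at render time or backfill`. Because the `purify()` call is now duplicated in both handlers, moving it to one shared place (for instance the `EmailTemplateService` both already inject) would keep a future write path from skipping it. `handle()` starts and ends outside the hunk.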
