Email template filter too aggressive in 2.4.7-p9, prevents style from being applied in preview #40626

@SebFrango

Description

Preconditions and environment

  • Magento version: 2.4.7-p9
  • the filter used in the email template preview is too aggressive and prevents the CSS style from being applied

Steps to reproduce

1/ Create an email marketing template with some styles in the style input and this call in the text input:
<style type="text/css">
{{var template_styles|raw}}
</style>

2/ Try to preview the template from the email template listing view => the style is applied
3/ Try to preview the template from the template editing view => the style won't be applied

Expected result

the style should be applied when we preview the template from the template editing view

Actual result

the style is not applied when we preview the template from the template editing view

Additional information

I found where the issue comes from:
In the last security patch, 2.4.7-p9, they added a filter on the template text in this file: vendor/magento/module-email/Block/Adminhtml/Template/Preview.php, line 68, for the case where the preview comes from the editing view (so no id in the POST params).
Here is the filter: $template->setTemplateText($this->_maliciousCode->filter($request->getParam('text')));

Because of that, the style tags are removed from the text, so there is no {{var template_styles|raw}} anymore, and the styles are not applied anymore.

I have made a patch to fix this, so I put it as an attachment:

email-template-preview-styles.patch

Release note

No response

Triage and priority

  • Severity: S0 - Affects critical data or functionality and leaves users without workaround.
  • Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
  • Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
  • Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
  • Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

Labels

  • Issue: needs update (Additional information is required, waiting for response)
  • Reported on 2.4.7-p9 (Indicates original Magento version for the Issue report.)
