Double escape error in notification emails

Highlighted
Shopify Partner
8 1 4

Problem: When a discount's title has escapable entities in it, Shopify incorrectly escapes them twice in the abandoned checkout notification template (and presumably others).

 

Example: Currently the abandoned checkout notification template has the following line in it:

{{ discount_allocation.discount_application.title | upcase }}

A discount with the title Free shipping for "My Product" discount is currently being rendered as:

FREE SHIPPING FOR "MY PRODUCT" DISCOUNT

...which as you'd expect, will get shown to the customer with the ampersand HTML entity displayed like this: FREE SHIPPING FOR "MY PRODUCT" DISCOUNT

 

As you can see the first round of escaping happens before the "upcase" filter (since QUOT is capitalised), and then the second round happens after (when the ampersands get escaped to the lowercase "&").

 

Can this be fixed? Or have I overlooked something? A google search found this Github issue suggesting the problem also existed in the format_address filter, but has since been fixed.

 

Temporary workaround: For others experiencing this issue, we're currently using this workaround for our clients:

{{ discount_allocation.discount_application.title | upcase | replace: '&', '&' }}

Thanks,

Andrew.

1 Like
Highlighted
Shopify Partner
14 0 1

Hey Andrew,

We encountered a similar escape-related issue with displaying custom sizes stored as line item properties in order confirmation emails. For example, if the user had selected a custom size of 1" x 1", it was incorrectly displaying in the email as 1" x 1" instead. After trying all kinds of string filters to address this issue (escape, strip_html, replace, etc), this solution actually worked:

{% assign custom_size = property.last | replace: 'amp', '' | replace: '&', '' | replace: ';', '' | replace: 'quot', '"' %}

Not sure why a simple replace: '"' doesn't work. Seems like a Shopify bug to me. 🤷‍ 

Just wanted to share here in case anyone else encounters a similar issue! 

0 Likes