Disable Rails XSS protection in ActionMailer views

Updated . Posted . Visible to the public.

This might eventually be fixed by Rails itself.\
Right now this is the way to have the rails_xss plugin not escape the body of ActionMailer mails.

Put this into config/initializers/mailers_without_rails_xss.rb:

mailers_without_rails_xss.rb
Arne Hartherz
makandra.com
Say thanks
Last edit
Attachments
mailers_without_rails_xss.rb
Keywords
mail, e-mail, email, rails_xss, html_safe
License
Source code in this card is licensed under the MIT License.

Related cards:

Auto-generating plain-text bodies for HTML e-mails in Rails apps

When building an application that sends e-mails to users, you want to avoid those e-mails from being classified as spam. Most obvious scoring issues will not be relevant to you because you are not a spammer.

However, your application must do one ...

Run a POP3 server on a directory of mail files with popthis

popthis is awesome when used with inaction_mailer.

Setup inaction_mailer

Install the gem:
sudo...

ActionMailer sometimes breaks e-mails with multiple recipients in Rails 2

The ActionMailer in Rails 2 depends on a buggy version of TMail, which sometimes inserts a blank line into the mail header when sending a mail to multiple recipients. This makes the header end prematurely.

The re...

How to remove/disable the automatic XSS protection helper html escaping for Rails 3

How to remove/disable the automatic XSS protection helper html escaping for Rails 3.

This is probably a horrible idea.

ActionMailer: Previewing mails directly in your email client

In Rails, we usually have a mailer setup like this:

class MyMailer < ActionMailer::Base

  def newsletter
    mail to: 'receiver@host.tld',
      from: 'sender@host.tld',
      subject: 'My mail'
  end

end

If you want to preview you...

Test your application's e-mail spam scoring with mail-tester.com

You can use mail-tester.com to check your application's e-mails for issues that might cause e-mails to be classified as spam.

They provide a one-time e-mail addresses that you can use to sign up etc. You can then c...

Can I Email: Check what styling email clients support

The french Tilt Studio built a caniuse clone for email clients.

Note that while checking styling support helps using (or not using) certain features, it cannot substitute for [checking the actual rendering in real clients](...

Rails: Different flavors of concatting HTML safe strings in helpers

This card describes different flavors for concatting HTML safe strings in a helper method in Rails. You might want to use the tag helper instead of the [con...

MailStyle: A HTML Email Plugin for Ruby on Rails | Purify Blog

MailStyle allows you to write the css for your html emails as you normally would, then writes the styles inline when you send your emails. It also makes sure that your image paths are absolute rather than relative.

Rails: How to write custom email interceptors

Nowadays it is fairly easy to intercept and modify mails globally before they are sent. All you have to do is register an interceptor class which responds to `.deliver...

Posted by Arne Hartherz to makandra dev (2010-09-07 08:51)
This website uses short-lived cookies to improve usability.
or learn more