Similar issue to https://github.com/mysociety/alaveteli-professional/issues/549

Reopening following a user report of an issue occurring when being prompted to sign in to send a follow-up message to the Information Commissioner's Office.

See screenshot:

Reopening following a user report of an issue occurring when being prompted to sign in to send a follow-up message to the Information Commissioner's Office.

See screenshot:

This issue appears to be occurring because the authority_name in the web parameter passed from followups_controller.rb to ask_to_login (application_controller.rb) are not html safe. A fix, modelled off #4807, should be fairly easy.

Example:
PostRedirect Create (2.1ms) INSERT INTO "post_redirects" ("token", "uri", "post_params_yaml", "created_at", "updated_at", "email_token", "reason_params_yaml") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["token", "lir1ci3sf16tgyn9dz0"], ["uri", "/request/118/followups/new/32"], ["post_params_yaml", "--- !ruby/object:ActionController::Parameters\nparameters: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n controller: followups\n action: new\n request_id: '118'\n incoming_message_id: '32'\npermitted: false\n"], ["created_at", "2022-07-23 16:25:21.391941"], ["updated_at", "2022-07-23 16:25:21.391941"], ["email_token", "e3ein3t7nw9ciluqz2y"], ["reason_params_yaml", "---\n:web: To send a follow up message to Information Commissioner's Office\n:email: Then you can write follow up message to Information Commissioner's Office.\n:email_subject: Write your FOI follow up message to Information Commissioner's\n Office\n:user_name: Joe Admin\n:user_url: [redacted]/user/joe_admin\n"]]

Fix: change info_request.public_body.name to info_request.public_body.name.html_safe in followups_controller.rb.

Rectified output:

PostRedirect Create (0.7ms) INSERT INTO "post_redirects" ("token", "uri", "post_params_yaml", "created_at", "updated_at", "email_token", "reason_params_yaml") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["token", "cydi3si43p66xmft587"], ["uri", "/request/118/followups/new/32"], ["post_params_yaml", "--- !ruby/object:ActionController::Parameters\nparameters: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n controller: followups\n action: new\n request_id: '118'\n incoming_message_id: '32'\npermitted: false\n"], ["created_at", "2022-07-23 17:45:07.169448"], ["updated_at", "2022-07-23 17:45:07.169448"], ["email_token", "fz53xxu39vsfxtgw8p5"], ["reason_params_yaml", "---\n:web: To send a follow up message to Information Commissioner's Office\n:email: Then you can write follow up message to Information Commissioner's Office.\n:email_subject: Write your FOI follow up message to Information Commissioner's Office\n:user_name: Joe Admin\n:user_url: [redacted]/user/joe_admin\n"]]

PR for followups_controller.rb raised in #7186

Issue noted today with the confirmation email for a user-user message.

Encoded apostrophises were present in the user's name in the subject and body of the message.

Message in question:

Please click on the link below to confirm your email address. Then you can send a message to....

This issue has been automatically closed due to a lack of discussion or resolution for over 12 months.
Should we decide to revisit this issue in the future, it can be reopened.