0

I have an email that gets sent which outputs the text of HTTP error responses. If the response ever includes Javascript code in <script> tags (and some HTML code) then the Gmail (and many other email clients) strip out the code.

Also, if there is anything after the </script> that seems to get stripped out as well.

How can I make it so that the Javascript code is not stripped out and just gets included as plain text in the body of an HTML email?

Employee
  • 2,231
  • 3
  • 33
  • 60
  • 7
    You could try replacing all the `<` with `<` – Taplar Jun 07 '19 at 17:21
  • 3
    so encode it as plain text – epascarello Jun 07 '19 at 17:21
  • 3
    `
    ` and `` tags are available
     – daddygames Jun 07 '19 at 17:22
  • 1
    `<\script>` should be ``. That's why everything after it gets stripped, you didn't properly end the script. – Barmar Jun 07 '19 at 18:19
  • 1
    Why are you trying to send HTML mail with JavaScript in the first place? I don't think any mail clients will execute it. – Barmar Jun 07 '19 at 18:20
  • 1
    HTTP error responses should never contain any HTML tags. You should just encode everything -- in PHP use `htmlentities()`. – Barmar Jun 07 '19 at 18:21
  • Taplar is on the right track, but there's more to it than that. Not sure how much more. https://stackoverflow.com/questions/7381974/which-characters-need-to-be-escaped-in-html has some answers, but I haven't read it thoroughly. My guess is you should escape `<` to `<`, `>` to `>` and `&` to `&`. (But escape the `&`s first, otherwise it will go `<` -> `<` -> `&lt;`, which will be displayed as `<`.) I think you can safely ignore where that link mentions contexts such as script tags - there won't be any ` – David Knipe Jun 07 '19 at 21:19
  • @Taplar That worked, thank you. – Employee Jun 20 '19 at 16:29
  • @Barmar This is for a response I'm getting from an external API which I have no control over. Normally I get text-only responses from the API but recently I've been getting ones that start with Javascript code. Also, I wasn't trying to execute the code, I just wanted to see what it was and the only way I can be notified of it was through email. It turns out it was related to the New Relic Browser software on the API server. – Employee Jun 20 '19 at 16:32

1 Answers1

0

I think you can use HTML entities

&#x3C;script&#x3E;code&#x3C;/script&#x3E;

or

&lt;script&gt;code&lt;/script&gt;

should become

<script>code</script>

when rendered

You can use this tool

Bidstrup
  • 1,597
  • 2
  • 16
  • 32