Using the `_html` suffix in an i18n key is the same as using `html_safe`
on it, which means that translation could potentially be used for XSS
attacks.
Sometimes we're interpolating a link inside a translation, and marking
the whole translations as HTML safe.
However, some translations added by admins to the database or through
crowdin are not entirely under our control.
Although AFAIK crowdin checks for potential cross-site scripting
attacks, it's a good practice to sanitize parts of a string potentially
out of our control before marking the string as HTML safe.
It's possible to create a newsletter or a proposed action with
<script> tags by filling in the body using a textarea instead of a
CKEditor. While we trust our administrators not to do so, it's better to
completely eliminate that possibility.
Execute rake task every day to detect new actions available for not archived proposals. If there are new actions available for today, send email to proposal's author with information text, new actions available and link to proposal dashboard url.
- Removed class large-7
- Changed font size preview-email and email
- Changed text color in the email
- Changed some font size and padding in the email
- Added some padding in preview email
- Pass scss-lint
- Changed padding and added font size.
- Inserted normal quotation marks
- Remove class quote
- Added max width mail preview
- Added some styles in the email
- Added image decide_madrid at the end of the email
- Added cover to the image preview poster and PDF
- Passed scss lint
