Skip to content

Commit 78eb1ae

Browse files
committed
More escaping for HMTL alerts that contain objects
1 parent 1cf4ee6 commit 78eb1ae

1 file changed

Lines changed: 9 additions & 1 deletion

File tree

Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -280,9 +280,17 @@ function New-CIPPAlertTemplate {
280280
}
281281

282282
if ($Format -eq 'html') {
283+
# Escape curly braces in content variables so the -f format operator
284+
# does not interpret data values (e.g. JSON in drift/standards) as placeholders
285+
$FmtTitle = [string]$Title -replace '\{', '{{' -replace '\}', '}}'
286+
$FmtIntroText = [string]$IntroText -replace '\{', '{{' -replace '\}', '}}'
287+
$FmtButtonUrl = [string]$ButtonUrl -replace '\{', '{{' -replace '\}', '}}'
288+
$FmtButtonText = [string]$ButtonText -replace '\{', '{{' -replace '\}', '}}'
289+
$FmtAfterButtonText = [string]$AfterButtonText -replace '\{', '{{' -replace '\}', '}}'
290+
$FmtAuditLogLink = [string]$AuditLogLink -replace '\{', '{{' -replace '\}', '}}'
283291
return [pscustomobject]@{
284292
title = $Title
285-
htmlcontent = $HTMLTemplate -f $Title, $IntroText, $ButtonUrl, $ButtonText, $AfterButtonText, $AuditLogLink
293+
htmlcontent = $HTMLTemplate -f $FmtTitle, $FmtIntroText, $FmtButtonUrl, $FmtButtonText, $FmtAfterButtonText, $FmtAuditLogLink
286294
}
287295
} elseif ($Format -eq 'json') {
288296
if ($InputObject -eq 'auditlog') {

0 commit comments

Comments
 (0)