fix: escaping in action rule templating (#3632)

* fix: escaping in action rule templating * chore: release note
2026-03-11 20:44:32 -05:00 · 2024-10-11 21:07:57 +02:00
parent 37ad584826
commit 05dda5f9d7
3 changed files with 19 additions and 1 deletions
--- a/packages/loot-core/src/server/accounts/rules.test.ts
+++ b/packages/loot-core/src/server/accounts/rules.test.ts
@@ -327,6 +327,16 @@ describe('Action', () => {
      expect(item.notes).toBe('Hey Sarah! You just payed 10');
    });

+    test('should not escape text', () => {
+      const action = new Action('set', 'notes', '', {
+        template: '{{notes}}',
+      });
+      const note = 'Sarah !@#$%^&*()<> Special';
+      const item = { notes: note };
+      action.exec(item);
+      expect(item.notes).toBe(note);
+    });
+
    describe('regex helper', () => {
      function testHelper(template: string, expected: unknown) {
        test(template, () => {
--- a/packages/loot-core/src/server/accounts/rules.ts
+++ b/packages/loot-core/src/server/accounts/rules.ts
@@ -565,7 +565,9 @@ export class Action {
      this.field = field;
      this.type = typeName;
      if (options?.template) {
-        this.handlebarsTemplate = Handlebars.compile(options.template);
+        this.handlebarsTemplate = Handlebars.compile(options.template, {
+          noEscape: true,
+        });
        try {
          this.handlebarsTemplate({});
        } catch (e) {
--- a/upcoming-release-notes/3632.md
+++ b/upcoming-release-notes/3632.md
@@ -0,0 +1,6 @@
+---
+category: Bugfix
+authors: [UnderKoen]
+---
+
+Fix escaping in action rules templating