fix(messages): avatar paths and HTML stripping in message preview

- Fix avatar_path already contains 'uploads/' prefix, don't double it - Use url_for('static') for all avatar img src attributes - Strip HTML tags from message preview in inbox with |striptags Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 11:36:57 +01:00 · 2026-03-20 11:36:57 +01:00 · 1cc6bc4e6c
commit 1cc6bc4e6c
parent 097ab28bba
4 changed files with 7 additions and 7 deletions
--- a/templates/messages/group_compose.html
+++ b/templates/messages/group_compose.html
@ -379,7 +379,7 @@
 (function() {
    var users = [
        {% for user in users %}
-        {id: {{ user.id }}, name: {{ (user.name or user.email.split('@')[0]) | tojson }}, email: {{ user.email | tojson }}, companyName: {{ (user._company_name or '') | tojson }}, avatarPath: {{ (user.avatar_path or '') | tojson }}}{{ ',' if not loop.last }}
+        {id: {{ user.id }}, name: {{ (user.name or user.email.split('@')[0]) | tojson }}, email: {{ user.email | tojson }}, companyName: {{ (user._company_name or '') | tojson }}, avatarPath: {% if user.avatar_path %}{{ url_for('static', filename=user.avatar_path) | tojson }}{% else %}""{% endif %}}{{ ',' if not loop.last }}
        {% endfor %}
    ];

--- a/templates/messages/group_manage.html
+++ b/templates/messages/group_manage.html
@ -383,7 +383,7 @@
                    <td>
                        <div class="member-cell">
                            {% if m.user.avatar_path %}
-                            <img src="{{ m.user.avatar_path }}" class="member-avatar" alt="">
+                            <img src="{{ url_for('static', filename=m.user.avatar_path) }}" class="member-avatar" alt="">
                            {% else %}
                            <div class="member-initial">{{ (m.user.name or m.user.email)[0].upper() }}</div>
                            {% endif %}
@ -465,7 +465,7 @@
 (function() {
    var availableUsers = [
        {% for user in available_users %}
-        {id: {{ user.id }}, name: {{ (user.name or user.email.split('@')[0]) | tojson }}, email: {{ user.email | tojson }}, companyName: {{ (user._company_name or '') | tojson }}, avatarPath: {{ (user.avatar_path or '') | tojson }}}{{ ',' if not loop.last }}
+        {id: {{ user.id }}, name: {{ (user.name or user.email.split('@')[0]) | tojson }}, email: {{ user.email | tojson }}, companyName: {{ (user._company_name or '') | tojson }}, avatarPath: {% if user.avatar_path %}{{ url_for('static', filename=user.avatar_path) | tojson }}{% else %}""{% endif %}}{{ ',' if not loop.last }}
        {% endfor %}
    ];

--- a/templates/messages/group_view.html
+++ b/templates/messages/group_view.html
@ -363,7 +363,7 @@
            {% for m in members %}
            <div class="member-item">
                {% if m.user.avatar_path %}
-                <img src="{{ m.user.avatar_path }}" class="member-avatar" alt="">
+                <img src="{{ url_for('static', filename=m.user.avatar_path) }}" class="member-avatar" alt="">
                {% else %}
                <div class="member-initial">{{ (m.user.name or m.user.email)[0].upper() }}</div>
                {% endif %}
@ -386,7 +386,7 @@
            {% for msg in messages %}
            <div class="group-message">
                {% if msg.sender.avatar_path %}
-                <img src="{{ msg.sender.avatar_path }}" class="msg-avatar" alt="">
+                <img src="{{ url_for('static', filename=msg.sender.avatar_path) }}" class="msg-avatar" alt="">
                {% else %}
                <div class="msg-initial {% if msg.sender_id == current_user.id %}is-me{% endif %}">
                    {{ (msg.sender.name or msg.sender.email)[0].upper() }}
--- a/templates/messages/inbox.html
+++ b/templates/messages/inbox.html
@ -388,7 +388,7 @@
            <a href="{{ url_for('messages_view', message_id=msg.id) }}" class="message-item {% if not msg.is_read %}unread{% endif %}">
                <div class="message-avatar">
                    {% if msg.sender.avatar_path %}
-                    <img src="{{ url_for('static', filename='uploads/' + msg.sender.avatar_path) }}" style="width: 100%; height: 100%; border-radius: 50%; object-fit: cover;">
+                    <img src="{{ url_for('static', filename=msg.sender.avatar_path) }}" style="width: 100%; height: 100%; border-radius: 50%; object-fit: cover;">
                    {% else %}
                    {{ (msg.sender.name or msg.sender.email)[0].upper() }}
                    {% endif %}
@ -412,7 +412,7 @@
                        <span class="message-date">{{ msg.created_at.strftime('%d.%m.%Y %H:%M') }}</span>
                    </div>
                    <div class="message-bottom-row">
-                        <span class="message-preview">{{ msg.content[:100] }}{% if msg.content|length > 100 %}…{% endif %}</span>
+                        <span class="message-preview">{{ msg.content|striptags|truncate(100) }}</span>
                        <span class="message-sender">Od: <strong>{{ msg.sender.name or msg.sender.email.split('@')[0] }}</strong></span>
                    </div>
                    {% if not msg.is_read %}