I'm executing a campaign using the REST API and came across an interesting situation / issue.
When one of the token values passed in contains two hash / pound symbols consecutively "##" the token replacement / template "breaks" and unexpected results occur:
Value passed in: "PUcL#xPJE##0" (it's an auto-generated character sequence for a temporary password that happens to include the # as an option. In this case the random generator put two # together)
The value passed into the token above becomes the following in the e-mail received:
Thanks for any advice you can provide!
A "##" in a token is used to comment out your code in velocity. For example, this code has a couple comments explaining what is happening on the following lines:
##Check is value meets conditions of code
##Default value defined here
You're having an issue because velocity is interpreting any characters after your double hash as a comment, not a part of the code itself to be executed.
Thanks Chris - I appreciate that fact and I've seen this documentation.
I believe however it's a problem not to accept the tokens "as-is" when passed in. If a token value contains ## then Velocity should somehow parse the token and escape the ##.
I don't imagine many users would purposely pass in ## in a token and expect it to be used as a comment? I may be wrong.
Just to clarify, my code does not contain ##, the token value that I pass in contains ## and thus should be escaped automatically, imo.
There would be no way for the server to know you didn't mean the reserved character. That's what escaping literals is all about, in any language.
The escape for hash is.
You're going to have to tweak your velocity to accommodate the hashing
You can remove # from your password generator if that's an option