- Issue created by @hockey2112
- π¦πΊAustralia thomwilhelm Sydney
Same issue here, did you find a solution? In gmail it comes through as:
<p>You may now log in by clicking this link or copying and pasting it into your browser:</p>
etc etc.
- Status changed to Closed: works as designed
about 2 months ago 3:43pm 8 February 2025 - πΊπΈUnited States zengenuity
It's not safe to allow emails to be sent from your site with HTML that may have been entered by untrusted users. For password reset emails, it would probably be fine, but we can't generalize that to everything, such as Webform emails where users can enter anything.
If you want to change the content type of emails for password resets, you can do it in a custom module with a simple hook:
<?php /** * Implements hook_mail_alter(). */ function YOUR_MODULE_NAME_mail_alter(&$message) { if ($message['module'] === 'user' && $message['key'] === 'password_reset') { $message['params']['content_type'] = 'text/html'; $message['params']['text_format'] = 'restricted_html'; } } ?>
If you add something like that to your site, you can then include HTML markup in the template.
Alternatively, you can use the Easy Email module β , and override the password reset with an HTML template. That's what we're doing with Drupal CMS. The easiest way to apply this to your site is with the Express Mail recipe β .