From 6f4885d86dc6d7d4d0f042e3ce5886ba91b5b520 Mon Sep 17 00:00:00 2001
From: Rhys <nghuutho74@gmail.com>
Date: Tue, 19 Nov 2024 20:08:37 +0700
Subject: [PATCH] Encode invitee email in the invitation link (#10842)

---
 api/controllers/console/workspace/members.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/api/controllers/console/workspace/members.py b/api/controllers/console/workspace/members.py
index 8f694c65e0ddfd..38ed2316a58935 100644
--- a/api/controllers/console/workspace/members.py
+++ b/api/controllers/console/workspace/members.py
@@ -1,3 +1,5 @@
+from urllib import parse
+
 from flask_login import current_user
 from flask_restful import Resource, abort, marshal_with, reqparse
 
@@ -57,11 +59,12 @@ def post(self):
                 token = RegisterService.invite_new_member(
                     inviter.current_tenant, invitee_email, interface_language, role=invitee_role, inviter=inviter
                 )
+                encoded_invitee_email = parse.quote(invitee_email)
                 invitation_results.append(
                     {
                         "status": "success",
                         "email": invitee_email,
-                        "url": f"{console_web_url}/activate?email={invitee_email}&token={token}",
+                        "url": f"{console_web_url}/activate?email={encoded_invitee_email}&token={token}",
                     }
                 )
             except AccountAlreadyInTenantError: