Hotfix 2024-03-13 XSS and Mail (!3217) · Merge requests · foodsharing-dev / foodsharing

Stefan C requested to merge hotfix-2024-03-13 into production Mar 13, 2024

What does this MR do?

This MR fix some XSS vulnerabilities and adds error handling for BCC received mails !3219 (merged) and !3171 (merged) should be included

It might break some HTML formatting, where untrusted content is used

added a test, or explain why one is not needed/possible...
no unrelated changes
asked someone for a code review
set a "for:" label to indicate who will be affected by this change
added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
added an entry to CHANGELOG.md
added a short text in the release notes to /release-notes/YYYY-MM.md
Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/region?bid=734&sub=forum. Please change the MRs label to "state:Beta testing".
- Consider writing a detailed description in German.
- Describe in a few sentences, what should be tested from a user perspective.
- Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
- Be aware, that also non technical people should understand.