
#323 Protect HTML mail project templates from HTML injection

HTML tags can be used in org or project names; these are correctly handled on backend & frontend. However, those names are used in the HTML mail templates and therefore can be used to inject HTML on behalf of the service. There are several solutions; I suggest this one as it cleans for good.
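The problem described above, shown as an added example that is not code from this merge request: an org or project name rendered into an HTML mail body verbatim, next to a formatter that escapes every substituted field. The project's language and template engine are not shown on the page, so Python, the template text, and the names `MAIL_TEMPLATE`, `EscapingFormatter`, `render_unescaped` and `render_escaped` are assumptions.

```python
import html
import string

# Constructed template (assumption): the names land in element text
# and inside a quoted attribute value.
MAIL_TEMPLATE = (
    '<p>You were invited to <b title="{org}">{project}</b> '
    "in organisation {org}.</p>"
)


class EscapingFormatter(string.Formatter):
    """Formatter that HTML-escapes every substituted field.

    Escaping is applied at the substitution point, so a template author
    cannot forget it for an individual placeholder.
    """

    def format_field(self, value, format_spec):
        rendered = super().format_field(value, format_spec)
        # quote=True also escapes " and ', which matters in attributes.
        return html.escape(rendered, quote=True)


def render_unescaped(org, project):
    # 'Before' behaviour: user-controlled names are inserted as markup.
    return MAIL_TEMPLATE.format(org=org, project=project)


def render_escaped(org, project):
    # Hardened behaviour: names are inserted as text only.
    return EscapingFormatter().format(MAIL_TEMPLATE, org=org, project=project)


# Constructed sample names containing markup and an attribute break-out.
ORG = 'Acme" data-x="1'
PROJECT = '<a href="https://example.invalid/">link</a>'

if __name__ == "__main__":
    print(render_unescaped(ORG, PROJECT))
    print(render_escaped(ORG, PROJECT))
```

Names without markup render identically in both functions, so escaping at the template boundary does not change ordinary mails.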
