Ralph Slooten a078c318e8 Fix(Security): Prevent bypass of Contend Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify) ...

This closes a security hole whereby a bad actor with SMTP access can bypass the CSP headers with a series of specially crafted HTML messages. A special thanks to @bmodotdev for responsibly disclosing the vulnerability and proving information and an initial fix.

2024-07-26 22:02:14 +12:00

..

config.go

Fix(Security): Prevent bypass of Contend Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify)

2024-07-26 22:02:14 +12:00

tags.go

Feature: Add option to disable auto-tagging for plus-addresses & X-Tags (#323)

2024-06-28 22:35:07 +12:00