Ralph Slooten a078c318e8 Fix(Security): Prevent bypass of Contend Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify) ...

This closes a security hole whereby a bad actor with SMTP access can bypass the CSP headers with a series of specially crafted HTML messages. A special thanks to @bmodotdev for responsibly disclosing the vulnerability and proving information and an initial fix.

2024-07-26 22:02:14 +12:00

..

Attachments.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00

Headers.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00

HTMLCheck.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00

LinkCheck.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00

Message.vue

Fix(Security): Prevent bypass of Contend Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify)

2024-07-26 22:02:14 +12:00

Release.vue

Feature: Add optional relay recipient blocklist (#333)

2024-07-14 15:04:36 +12:00

Screenshot.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00

SpamAssassin.vue

Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing

2024-06-22 13:27:00 +12:00