nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-22 03:54:33 -05:00
Code

HTML encode sanitized inputs for email templates (#1138)

Browse Source
This commit is contained in:
Kyle Spearrin 2021-02-11 14:39:13 -05:00 committed by GitHub
parent 6cc317c4ba
commit 7c9ea83ad2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Core/Utilities/CoreHelpers.cs
View File

@ -503,9 +503,10 @@ namespace Bit.Core.Utilities
public static string SanitizeForEmail(string value) public static string SanitizeForEmail(string value)
{ {
return value.Replace("@", "[at]") var cleanedValue = value.Replace("@", "[at]")
.Replace("http://", string.Empty) .Replace("http://", string.Empty)
.Replace("https://", string.Empty); .Replace("https://", string.Empty);
return HttpUtility.HtmlEncode(cleanedValue);
} }
public static string DateTimeToTableStorageKey(DateTime? date = null) public static string DateTimeToTableStorageKey(DateTime? date = null)
@ -558,7 +559,7 @@ namespace Bit.Core.Utilities
{ {
return TokenIsValid("OrganizationUserInvite", protector, token, userEmail, orgUserId, globalSettings); return TokenIsValid("OrganizationUserInvite", protector, token, userEmail, orgUserId, globalSettings);
} }
public static bool TokenIsValid(string firstTokenPart, IDataProtector protector, string token, string userEmail, public static bool TokenIsValid(string firstTokenPart, IDataProtector protector, string token, string userEmail,
Guid id, GlobalSettings globalSettings) Guid id, GlobalSettings globalSettings)
{ {