addressed bugs and concerns around special characters in email templates (#1478)

* addressed bugs and concerns around special characters in email templates * Modified email sanitization rules
2025-07-02 00:22:50 -05:00 · 2021-07-21 12:43:28 -04:00
parent f1238d7b4a
commit 8e97b924d4
2 changed files with 19 additions and 11 deletions
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -555,12 +555,20 @@ namespace Bit.Core.Utilities
            return sb.ToString();
        }

-        public static string SanitizeForEmail(string value)
+        public static string SanitizeForEmail(string value, bool htmlEncode = true)
        {
-            var cleanedValue = value.Replace("@", "[at]")
-                .Replace("http://", string.Empty)
-                .Replace("https://", string.Empty);
-            return HttpUtility.HtmlEncode(cleanedValue);
+            var cleanedValue = value.Replace("@", "[at]");
+            var regexOptions = RegexOptions.CultureInvariant |
+                RegexOptions.Singleline |
+                RegexOptions.IgnoreCase;
+            cleanedValue = Regex.Replace(cleanedValue, @"(\.\w)",
+                    m => string.Concat("[dot]", m.ToString().Last()), regexOptions);
+            while (Regex.IsMatch(cleanedValue, @"((^|\b)(\w*)://)", regexOptions))
+            {
+                cleanedValue = Regex.Replace(cleanedValue, @"((^|\b)(\w*)://)",
+                    string.Empty, regexOptions);
+            }
+            return htmlEncode ? HttpUtility.HtmlEncode(cleanedValue) : cleanedValue;
        }

        public static string DateTimeToTableStorageKey(DateTime? date = null)