nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[PM-3571] Address HTML injection in passwordless login emails (#3623)

Browse Source 
* [PM-3571] Update HandlebarsMailService for Passwordless login email URL, using AbsoluteUri which has html encoding

* [PM-3571] Switched from AbsoluteUri to OriginalString

---------

Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
This commit is contained in:
Rui Tomé 2024-02-09 13:42:11 +00:00 committed by GitHub
parent 6174df0874
commit a08541173d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Core/Services/Implementations/HandlebarsMailService.cs
View File

@ -263,7 +263,7 @@ public class HandlebarsMailService : IMailService
});
var model = new PasswordlessSignInModel
{
Url = url.ToString()
Url = url.OriginalString
};
await AddMessageContentAsync(message, "Auth.PasswordlessSignIn", model);
message.Category = "PasswordlessSignIn";