bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-14 15:23:42 +00:00
Code Issues Releases Wiki Activity

[PM-3571] Address HTML injection in passwordless login emails (#3623)

Browse Source 
* [PM-3571] Update HandlebarsMailService for Passwordless login email URL, using AbsoluteUri which has html encoding

* [PM-3571] Switched from AbsoluteUri to OriginalString

---------

Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
This commit is contained in:
Rui Tomé
2024-02-09 13:42:11 +00:00
committed by GitHub
parent 6174df0874
commit a08541173d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Core/Services/Implementations/HandlebarsMailService.cs
View File

@@ -263,7 +263,7 @@ public class HandlebarsMailService : IMailService
});
var model = new PasswordlessSignInModel
{
Url = url.ToString()
Url = url.OriginalString
};
await AddMessageContentAsync(message, "Auth.PasswordlessSignIn", model);
message.Category = "PasswordlessSignIn";