Open AlxxxlA opened 6 years ago
Yes, we definitively need to improve email sanitation. For now, we've chosen a conservative approach to avoid XSS attacks. We'll make the sanitation better.
And maybe add some cool features like markdown formatting ;p
Hi,
I did a simple test writing a from a Caliopen discussion; when I sent the message, it removed the ''. I think this is to avoid XSS attacks, but the content should be displayed and not removed. If I send a JavaScript example to a contact, I don't want the browser to execute the JavaScript, but I want my contact to see the JavaScript code.
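
The difference between removing markup and escaping it, as an added example that is not part of the original thread and not Caliopen's code. The function names and the sample message are constructed, and it assumes the message body is plain text that will be inserted into an HTML page.

```javascript
// Added example: two ways to handle a plain-text message body containing markup.
// Function names and the sample message are constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that is significant in HTML text or attribute values,
// so the browser shows the characters instead of parsing them as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Stand-in for the lossy behaviour reported above: anything shaped like a tag
// is dropped. This is NOT a robust sanitizer; it is here only for comparison.
function stripTags(text) {
  return String(text).replace(/<[^>]*>/g, '');
}

// Render a plain-text body as HTML: escape first, then convert line breaks.
// The order matters: the <br> is added after escaping so it is the only markup.
function renderPlainTextBody(text) {
  return escapeHtml(text).replace(/\r?\n/g, '<br>');
}

// Constructed sample message: a user sharing a code snippet with a contact.
const sample = 'Try this:\n<script>alert("hi")</script>';

function demo() {
  return {
    stripped: stripTags(sample),          // the tags are gone from the message
    escaped: renderPlainTextBody(sample), // the tags are visible but inert
  };
}

console.log(demo());
```

The escaped output is only safe when placed in an HTML text or quoted-attribute context; HTML email bodies that must keep real formatting need an allowlist sanitizer instead.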