Closed FelixSchwarz closed 5 months ago
Nice! I think this is a good solution. Thanks for the quick turnaround, and apologies for overlooking this in the first place.
Do we want to consider releasing this as a patch instead of a minor release?
apologies for overlooking this in the first place.
No worries, I did the same mistake back then.
Do we want to consider releasing this as a patch instead of a minor release?
I think this is a pretty security major issue given the possibility that untrusted users might heavily rewrite the structure of emails sent through a web platform. Therefore I'd prefer putting this out as a "minor" release.
Fixes #52
@sh-at-cs, @caseyjhol: In the end I went for a really narrow unescaping implementation. By doing so I hope that there are fewer potential security issues (who knows what obscure features CSS has/will get?). Do you think that this minimal implementation is good as well?