akazwz / smail

Temporary email / 临时邮箱 (temporary email) / Cloudflare email
https://smail.pw
463 stars 76 forks

XSS Vulnerability Issue #12

Open gaoxiaodiao opened 3 days ago

gaoxiaodiao commented 3 days ago

I really love this project, but I found a potential XSS vulnerability:

When I send the email below to the smail address:

[image]

It can trigger the alert function.

[image]

I understand this project is in its early stages. It doesn’t matter if the issue can be resolved in the short term; I just want to bring attention to the potential security issue.

Finally, thanks to everyone who contributed to this project.

akazwz commented 3 days ago

@gaoxiaodiao Thank you for reporting this. The email content is shown in an iframe; I added sandbox: allow-scripts for the iframe. This should prevent any popups. Thank you very much.
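Added example, not smail's code: how an untrusted email body is rendered into an iframe with the sandbox attribute, and a small audit of what each sandbox token re-enables. The point a reviewer would check here is that allow-scripts lets scripts in the email body run; the alert() seen in the report is blocked only because allow-modals is absent, and an empty sandbox (no tokens) is what stops script execution altogether. The function names, the RISKY table and the sample email body are constructed for this example; it assumes the email body is already available as an HTML string.

```javascript
// Added example (not the smail project's code): rendering an untrusted
// email body in a sandboxed iframe and auditing the sandbox token list.
// Assumes the email body is available as an HTML string (constructed below).

// Escape a string for use inside a double-quoted HTML attribute such as srcdoc.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Sandbox tokens that re-enable a capability inside the frame, with the
// consequence for an email viewer. These are standard HTML sandbox tokens.
const RISKY = {
  "allow-scripts": "scripts inside the email body execute",
  "allow-same-origin": "frame shares the embedding page's origin (cookies, storage, DOM)",
  "allow-modals": "alert()/confirm()/prompt() dialogs can be shown",
  "allow-top-navigation": "email content can navigate the whole tab away",
  "allow-forms": "email content can submit forms",
  "allow-popups": "email content can open new windows",
};

// Return one finding per risky token; an empty list means the sandbox is tight.
function auditSandbox(tokens) {
  const set = new Set(tokens);
  const findings = [];
  for (const t of set) if (RISKY[t]) findings.push(`${t}: ${RISKY[t]}`);
  // The well-known bad pair: scripted content on the same origin can simply
  // remove the sandbox attribute from its own frame element.
  if (set.has("allow-scripts") && set.has("allow-same-origin")) {
    findings.push("allow-scripts + allow-same-origin: framed content can remove its own sandbox, equivalent to no sandbox");
  }
  return findings;
}

// Build the iframe markup for an email body. Default: sandbox="" (every
// restriction on), which is the setting a mail viewer should start from.
function renderEmailFrame(html, tokens = []) {
  const sandbox = tokens.length ? ` sandbox="${tokens.join(" ")}"` : ' sandbox=""';
  return `<iframe${sandbox} srcdoc="${escapeAttr(html)}"></iframe>`;
}

// Weak setting (scripts still run, only dialogs are blocked) beside the
// hardened one (no tokens), using a constructed sample body.
const SAMPLE_BODY = '<p>Hi "there" &amp; welcome</p>';
const WEAK = ["allow-scripts"];
const HARDENED = [];
console.log("weak findings:", auditSandbox(WEAK));
console.log("hardened findings:", auditSandbox(HARDENED));
console.log(renderEmailFrame(SAMPLE_BODY, HARDENED));
```

With the weak list the audit reports that scripts execute; with the empty list it reports nothing. srcdoc content still needs attribute escaping, otherwise a `"` in the email body terminates the attribute and the body lands outside the frame entirely.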