I really love this project, but I found a potential XSS vulnerability:
When I send the email below to the smail address:
It can trigger the alert function.
I understand this project is in its early stages. It doesn’t matter if the issue can be resolved in the short term; I just want to bring attention to the potential security issue.
Finally, thanks to everyone who contributed to this project.
@gaoxiaodiao Thank you for reporting this. The email content is shown in an iframe; I added sandbox: allow-script to the iframe. This should prevent any popups. Thank you very much.
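The iframe sandbox setting discussed in this thread, as an added example that is not part of the thread or the project's code: it reports what a given sandbox value still permits for untrusted email HTML, using the tokens as spelled in the HTML standard (`allow-scripts`, `allow-modals`, `allow-same-origin`). The function names `auditSandbox` and `emailFrame` and the sample email body are assumptions made for illustration.

```javascript
// Added example (not project code): audit an iframe sandbox value used to
// render untrusted email HTML. Token meanings are those of the HTML standard.
function auditSandbox(attr) {
  if (attr === null || attr === undefined) {
    // Attribute absent: the frame is not sandboxed at all.
    return { sandboxed: false, scripts: true, modals: true, sameOrigin: true,
             findings: ["no sandbox attribute: email HTML is not restricted"] };
  }
  const tokens = new Set(attr.toLowerCase().split(/\s+/).filter(Boolean));
  const scripts = tokens.has("allow-scripts");
  const sameOrigin = tokens.has("allow-same-origin");
  // Dialogs need a running script and the allow-modals token.
  const modals = scripts && tokens.has("allow-modals");
  const findings = [];
  if (scripts) findings.push("allow-scripts: script in the email body runs inside the frame");
  if (modals) findings.push("allow-modals: alert()/confirm()/prompt() are shown to the user");
  if (scripts && sameOrigin) {
    // Applies to content that shares the embedder's origin, such as srcdoc.
    findings.push("allow-scripts + allow-same-origin: a same-origin frame can reach the parent and remove its own sandbox");
  }
  return { sandboxed: true, scripts, modals, sameOrigin, findings };
}

// Hypothetical helper: build the viewer frame with the strictest setting
// (empty sandbox = every restriction on) unless tokens are passed explicitly.
function emailFrame(emailHtml, sandbox = "") {
  // Escape for a double-quoted attribute value.
  const esc = (s) => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
  return `<iframe sandbox="${esc(sandbox)}" srcdoc="${esc(emailHtml)}"></iframe>`;
}

// Constructed sample email body, used only to show the escaping.
const SAMPLE_EMAIL = '<p title="a&b">Hi</p>';
console.log(auditSandbox("allow-scripts").findings);
console.log(emailFrame(SAMPLE_EMAIL));
```

A value of `allow-scripts` alone blocks dialogs but still executes script from the email inside the frame; an empty `sandbox` value disables script entirely.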