Cross-Site Scripting in HTML view

[sectestaccount]

Hi,

is it possible to disable JavaScript in HTML view? It is possible to perform Cross-Site Scripting attacks: https://owasp.org/www-community/attacks/xss/

The issue might happen because of this line: https://github.com/mailhog/MailHog-UI/blob/master/web/web.go#L104

Thanks. Kind regards.

[mailukas]

I just ran into this issue. It's still unfixed.

I don't think any mail view or mail client should execute JavaScript at all. :-/