Open sectestaccount opened 4 years ago
Hi,
is it possible to disable JavaScript in HTML view? It is possible to perform Cross-Site Scripting attacks: https://owasp.org/www-community/attacks/xss/
The issue might happen because of this line: https://github.com/mailhog/MailHog-UI/blob/master/web/web.go#L104
Thanks. Kind regards.
I just ran into this issue. It's still unfixed.
I don't think any mail view or mail client should execute JavaScript at all. :-/
Hi,
is it possible to disable JavaScript in HTML view? It is possible to perform Cross-Site Scripting attacks: https://owasp.org/www-community/attacks/xss/
The issue might happen because of this line: https://github.com/mailhog/MailHog-UI/blob/master/web/web.go#L104
Thanks. Kind regards.