CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-07 15:34:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SECURITY] Prevent HTML injection through placeholders in emails

Browse Source 
Co-authored-by: luelista <weller@pretix.eu>
This commit is contained in:
Raphael Michel
2025-11-24 00:04:24 +01:00
parent bfab523d83
commit fdd34f387a
9 changed files with 219 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/tests/helpers/test_format.py
View File

@@ -40,6 +40,5 @@ def test_format_alternatives():
)
}
assert format_map("Foo {bar}", ctx, mode=SafeFormatter.MODE_IGNORE_RICH) == "Foo {bar}"
assert format_map("Foo {bar}", ctx, mode=SafeFormatter.MODE_RICH_TO_PLAIN) == "Foo plain text"
assert format_map("Foo {bar}", ctx, mode=SafeFormatter.MODE_RICH_TO_HTML) == "Foo <span>HTML version</span>"