[SECURITY] Prevent HTML injection through placeholders in emails

Co-authored-by: luelista <weller@pretix.eu>
2026-05-10 16:04:02 +00:00 · 2025-11-24 00:04:24 +01:00
parent bfab523d83
commit fdd34f387a
9 changed files with 219 additions and 56 deletions
--- a/src/tests/templates/mailtest.txt
+++ b/src/tests/templates/mailtest.txt
@@ -1,4 +1,13 @@
 {% load i18n %}
 This is a test file for sending mails.
+Event name: {event}
 {% get_current_language as LANGUAGE_CODE %}
 The language code used for rendering this email is {{ LANGUAGE_CODE }}.
+
+Payment info:
+{payment_info}
+
+**Meta**: {meta_Test}
+
+Event website: [{event}](https://example.org/{event_slug})
+Other website: [{event}]({meta_Website})