Message332724
Thanks Serhiy for the input. I initially thought this should be escaped since content was escaped and the same for header since user input taken directly could result in XSS. Maybe someone might be using this undocumented feature intentionally that might not be worth breaking.
I will make a PR for this to be noted in docs that the parameters are interpreted as HTML.

| Date | User | Action | Args |
|---|---|---|---|
| 2018-12-29 16:09:25 | xtreak | set | recipients: + xtreak, larry, ned.deily, serhiy.storchaka |
| 2018-12-29 16:09:24 | xtreak | set | messageid: <1546099764.4.0.546337782939.issue35603@roundup.psfhosted.org> |
| 2018-12-29 16:09:24 | xtreak | link | issue35603 messages |
| 2018-12-29 16:09:24 | xtreak | create | |