Use a separate triple Mustache allowlist for email (#37189)
This allowlist of triple Mustache tags was shared with the email format. Triple-mustache is a pretty security-sensitive feature in the email format, and adding non-formatting tags like amp-img to the allowlist requires a security review. For some email clients (like Gmail) the Mustache is actually rendered on the server side, and the server uses a different triple-mustache allowlist. However, for consistency with email clients who don't server-side render the template we should keep the client-side sanitization consistent. Using a separate list for email so we don't accidentally modify the email format when there are requests to add new tags for the website format (e.g., #32039). We can still add to the email allowlist on a case-by-case basis.
Showing 7 changed files with 207 additions and 80 deletions.