I'm creating users with weird email addresses, like <script>alert("XSS!")</script>@<script>alert("XSS!")</script>.com, just to help find cases where I'm open to XSS in the app. When sending an email to one of those addresses mail_safe crashes with this backtrace:
undefined method `each' for #<String:0x007fddcd3575e8>
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:14:in `block in replace_external_addresses'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:9:in `each'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:9:in `replace_external_addresses'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/rails3_hook.rb:6:in `delivering_email'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:230:in `block in inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:229:in `each'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:229:in `inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/message.rb:218:in `inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/message.rb:228:in `deliver'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/devise-1.4.7/lib/devise/models/confirmable.rb:50:in `send_confirmation_instructions'
Apparently mail.send(address_type) doesn't return an array but just a string.
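The failure mode reported above, as an added example that is not part of the original issue and is not mail_safe's code: a recipient-rewriting interceptor that accepts nil, a String or an Array from the address accessor and treats any unparseable address as external. `FakeMessage`, `INTERNAL_DOMAIN`, `REPLACEMENT` and `internal?` are hypothetical names, and `FakeMessage` is a constructed stand-in for a mail message object.

```ruby
# Added example, not mail_safe's code. FakeMessage is a constructed stand-in
# for a mail message whose address accessors may return nil, a String
# (the case in the backtrace) or an Array.
FakeMessage = Struct.new(:to, :cc, :bcc)

INTERNAL_DOMAIN = "example.test"       # assumption: the only domain allowed through
REPLACEMENT     = "dev@example.test"   # assumption: where external mail is redirected
ADDRESS_TYPES   = [:to, :cc, :bcc]

# Strict check: a plain local part, one '@', exactly the internal domain.
# Anything else, including unparseable input, counts as external.
def internal?(address)
  local, domain = address.to_s.split("@", 2)
  return false if local.nil? || domain.nil?
  return false unless local.match?(/\A[A-Za-z0-9._+-]+\z/)
  domain.downcase == INTERNAL_DOMAIN
end

# Rewrites recipients in place and returns the addresses that were replaced.
def replace_external_addresses(message)
  replaced = []
  ADDRESS_TYPES.each do |type|
    # Array() turns nil into [], a String into [string], and leaves arrays
    # alone, so a String return value no longer breaks the iteration.
    addresses = Array(message.send(type))
    next if addresses.empty?
    safe = addresses.map do |addr|
      next addr if internal?(addr)
      replaced << addr
      REPLACEMENT
    end
    message.send("#{type}=", safe.uniq)
  end
  replaced
end
```

Because the check is an allowlist, a malformed address is redirected rather than delivered or left to raise.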