Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Href gets sanitized when the link is a keyword #516

Closed
lshaowei18 opened this issue Jul 13, 2020 · 3 comments
Closed

Href gets sanitized when the link is a keyword #516

lshaowei18 opened this issue Jul 13, 2020 · 3 comments
Assignees
@lshaowei18
Labels
bug Something isn't working

Comments

@lshaowei18
Copy link
Contributor

lshaowei18 commented Jul 13, 2020
edited
Loading

Describe the bug

In the email template, when you have the href as a keyword like <a href="{{protectedlink}}">link</a>, it gets sanitised into <a href>link</a>.

To Reproduce
recording

Expected behavior
Should retain the keyword. This affects registered mail.
@lshaowei18 lshaowei18 added the bug Something isn't working label Jul 13, 2020
@lshaowei18 lshaowei18 self-assigned this Jul 13, 2020
@lamkeewei
Copy link
Contributor

Not sure if it's helpful but we also faced a similar issue when we were working on Telegram. xss-js was sanitising tg://... links values too. We overrode safeAttrValue to solve this. Can reference #467 and here.

@lshaowei18
Copy link
Contributor Author

Nice, thanks! Just tried it out and it works :)

This was referenced Jul 13, 2020
Closed
Merged
@lshaowei18
Copy link
Contributor Author

Done through #551

This was referenced Jun 13, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lshaowei18 lshaowei18

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: Prevent href link from being sanitized by xss opengovsg/postmangovsg
2 participants
@lamkeewei @lshaowei18