Escape all values from token alerts that are inserted into the email …
…notification
jayjb committed Mar 14, 2019
1 parent 1e3748d commit 4e89ee0
Showing 2 changed files with 6 additions and 7 deletions.
1 change: 0 additions & 1 deletion channel_output_email.py
Expand Up @@ -3,7 +3,6 @@
"""
import settings
import pprint

from twisted.python import log
import mandrill
import requests
12 changes: 6 additions & 6 deletions templates/emails/notification.html
Expand Up @@ -86,7 +86,7 @@ <h2 style="font-size: 18px;">Basic Details:</h2></td>
{% if BasicDetails['Description'] %}
<tr>
<td class="label" style="background: #eeeeee; font-weight: bold; _border: none; width: 180px; border: 1px solid #cccccc; padding: 5px;">Token Reminder</td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Description'] }}</code></td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Description'] | e}}</code></td>
</tr>
{% endif %}
{% if BasicDetails['TokenType'] %}
Expand All @@ -104,19 +104,19 @@ <h2 style="font-size: 18px;">Basic Details:</h2></td>
{% if BasicDetails['User-Agent'] %}
<tr>
<td class="label" style="background: #eeeeee; font-weight: bold; _border: none; width: 180px; border: 1px solid #cccccc; padding: 5px;">User Agent</td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['User-Agent'] }}</code></td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['User-Agent'] | e}}</code></td>
</tr>
{% endif %}
{% if BasicDetails['Referer'] %}
<tr>
<td class="label" style="background: #eeeeee; font-weight: bold; _border: none; width: 180px; border: 1px solid #cccccc; padding: 5px;">Referer</td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Referer'] }}</code></td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Referer'] | e}}</code></td>
</tr>
{% endif %}
{% if BasicDetails['Location'] %}
<tr>
<td class="label" style="background: #eeeeee; font-weight: bold; _border: none; width: 180px; border: 1px solid #cccccc; padding: 5px;">Location</td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Location'] }}</code></td>
<td style="border: 1px solid #cccccc; padding: 5px;"><code>{{ BasicDetails['Location'] | e}}</code></td>
</tr>
{% endif %}
{% if BasicDetails['CanaryIP'] or BasicDetails['CanaryName'] %}
Expand All @@ -125,7 +125,7 @@ <h2 style="font-size: 18px;">Basic Details:</h2></td>
<td style="border: 1px solid #cccccc; padding: 5px;">
<code>
{% if BasicDetails['CanaryIP'] %}{{ BasicDetails['CanaryIP'] }}{%endif%}
{% if BasicDetails['CanaryName'] %}({{BasicDetails['CanaryName']}}
{% if BasicDetails['CanaryName'] %}({{BasicDetails['CanaryName'] | e}}
{%- if BasicDetails['CanaryID'] %}, ID:{{BasicDetails['CanaryID']}}{%endif-%}
){%endif%}
</code></td>
Expand All @@ -136,7 +136,7 @@ <h2 style="font-size: 18px;">Basic Details:</h2></td>
<td class="label" style="background: #eeeeee; font-weight: bold; _border: none; width: 180px; border: 1px solid #cccccc; padding: 5px;">Canary Location</td>
<td style="border: 1px solid #cccccc; padding: 5px;">
<code>
{{ BasicDetails['CanaryLocation'] }}
{{ BasicDetails['CanaryLocation'] | e}}
</code></td>
</tr>
{% endif %}
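Review bot: In the hunk at line 125, `{{ BasicDetails['CanaryIP'] }}` and `{{BasicDetails['CanaryID']}}` are still rendered without the `e` filter, although the neighbouring `CanaryName` now gets it. If either value can carry data supplied by the alert source, it should be escaped the same way, e.g. `{{ BasicDetails['CanaryIP'] | e }}` and `ID:{{ BasicDetails['CanaryID'] | e }}`. Rows outside the visible hunks (for example the `TokenType` row that starts at the end of the first hunk) cannot be checked from here. Per-field filters are easy to forget when a new row is added; if this template is rendered through a Jinja2 `Environment`, enabling `autoescape` there would escape every expression by default and make the individual `| e` filters a second layer rather than the only one.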