mirror of https://github.com/zulip/zulip.git
a920544bc3
Popular email clients like Gmail will automatically linkify link-like content present in an HTML email they receive, even if it doesn't have links in it. This made it possible to include what in Gmail will be a user-controlled link in invitation emails that Zulip sends, which a spammer/phisher could try to take advantage of to send really bad spam (the limitation of having the rest of the invitation email HTML there makes it hard to do something compelling here). We close this opportunity by structuring our emails to always show the user's name inside an existing link, so that Gmail won't do new linkification, and add a test to help ensure we don't remove this structure in a future design change. Co-authored-by: Anders Kaseorg <andersk@mit.edu> |
||
|---|---|---|
| .. | ||
| analytics | ||
| confirmation | ||
| corporate | ||
| tests | ||
| two_factor | ||
| zerver | ||
| zilencer | ||
| .gitignore | ||
| 404.html | ||
| 500.html | ||