zulip/templates/zerver/emails
Tim Abbott a920544bc3
invite emails: Ensure user-controlled input is always in links.
Popular email clients like Gmail will automatically linkify link-like
content present in an HTML email they receive, even if it doesn't have
links in it.  This made it possible to include what in Gmail will be a
user-controlled link in invitation emails that Zulip sends, which a
spammer/phisher could try to take advantage of to send really bad spam
(the limitation of having the rest of the invitation email HTML there
makes it hard to do something compelling here).

We close this opportunity by structuring our emails to always show the
user's name inside an existing link, so that Gmail won't do new
linkification, and add a test to help ensure we don't remove this
structure in a future design change.

Co-authored-by: Anders Kaseorg <andersk@mit.edu>
2020-05-08 14:02:41 -07:00
..
.gitignore send_custom_email: Use a special .gitignored directory. 2020-04-21 16:50:11 -07:00
confirm_new_email.source.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
confirm_new_email.subject.txt
confirm_new_email.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
confirm_registration.source.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
confirm_registration.subject.txt
confirm_registration.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
custom_email_base.pre.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
digest.source.html i18n: Add translation tags to digest emails. 2020-04-29 17:04:48 -07:00
digest.subject.txt i18n: Add translation tags to digest emails. 2020-04-29 17:04:48 -07:00
digest.txt i18n: Add translation tags to digest emails. 2020-04-29 17:04:48 -07:00
email.css emails: Show proper message when email content is not shown. 2020-01-31 12:29:58 -08:00
email_base_default.source.html emails: Add alt tags to images. 2019-04-24 17:49:56 -07:00
email_base_messages.html emails: Show preheader block only if preheader is present. 2019-08-17 11:32:28 -07:00
find_team.source.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
find_team.subject.txt
find_team.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
followup_day1.source.html templates: Use `<hr>` and `<br>` consistently. 2020-04-28 17:05:48 -07:00
followup_day1.subject.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
followup_day1.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
followup_day2.source.html templates: Use `<hr>` and `<br>` consistently. 2020-04-28 17:05:48 -07:00
followup_day2.subject.txt
followup_day2.txt
invitation.source.html invite emails: Ensure user-controlled input is always in links. 2020-05-08 14:02:41 -07:00
invitation.subject.txt
invitation.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
invitation_reminder.source.html invite emails: Ensure user-controlled input is always in links. 2020-05-08 14:02:41 -07:00
invitation_reminder.subject.txt
invitation_reminder.txt emails: Send invitation reminder email two days before expiry. 2019-08-23 12:53:11 -07:00
missed_message.source.html i18n: Add translation tags to missed-message emails. 2020-04-30 16:11:47 -07:00
missed_message.subject.txt i18n: Add translation tags to missed-message emails. 2020-04-30 16:11:47 -07:00
missed_message.txt i18n: Add translation tags to missed-message emails. 2020-04-30 16:11:47 -07:00
notify_change_in_email.source.html templates: Use `<hr>` and `<br>` consistently. 2020-04-28 17:05:48 -07:00
notify_change_in_email.subject.txt
notify_change_in_email.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
notify_new_login.source.html templates: Use `<hr>` and `<br>` consistently. 2020-04-28 17:05:48 -07:00
notify_new_login.subject.txt
notify_new_login.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
password_reset.source.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
password_reset.subject.txt
password_reset.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00
realm_reactivation.source.html emails: Set alt attribute to empty for leading images. 2020-01-24 13:32:54 -08:00
realm_reactivation.subject.txt i18n: Add translation tags to missed-message emails. 2020-04-30 16:11:47 -07:00
realm_reactivation.txt emails: Remove newlines from translated strings in email templates. 2019-02-10 12:28:17 -08:00