-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTML in the message should be escaped #104
Labels
Comments
Agree that should not be the case. |
@benface What version of Craft & Contact Form are you using? |
@brandonkelly Version 1.9.1 running on Craft CMS 2.6.2993. |
@angrybrad Still seeing this in version 2.1.1 running on Craft CMS 3.0.0-RC10.1. |
@angrybrad Did you see this? Should I submit a new issue? |
@MakeilaLundy @Radabaugh this needs to be addressed for the v2 branch as well. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Any HTML entered by the user in the message field is rendered raw in the email's body. I believe that's a security issue, and if not, it's just annoying. :P
The text was updated successfully, but these errors were encountered: