fix: cherry pick security issue fixes (#1432)

* fix: potential "Potentially unsafe external link" of TOS and EMail Links * fix: "Size computation for allocation may overflow" by limiting aes encrypt to 64MB
2025-08-11 19:17:32 +00:00 · 2021-03-19 09:10:50 +01:00
parent bc7e650089
commit b01f277e4b
5 changed files with 8 additions and 4 deletions
--- a/internal/notification/static/templates/template.html
+++ b/internal/notification/static/templates/template.html
@@ -301,7 +301,7 @@
                                                                                        <td align="center" vertical-align="middle" style="font-size:0px;padding:10px 25px;word-break:break-word;">
                                                                                            <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-collapse:separate;line-height:100%;">
                                                                                                <tr>
-                                                                                                    <td align="center" bgcolor="#5282C1" role="presentation" style="border:none;border-radius:3px;cursor:auto;mso-padding-alt:10px 25px;background:#5282C1;" valign="middle"> <a href="{{.URL}}" style="display:inline-block;background:#5282C1;color:#ffffff;font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:16px;font-weight:normal;line-height:120%;margin:0;text-decoration:none;text-transform:none;padding:10px 25px;mso-padding-alt:0px;border-radius:3px;"
+                                                                                                    <td align="center" bgcolor="#5282C1" role="presentation" style="border:none;border-radius:3px;cursor:auto;mso-padding-alt:10px 25px;background:#5282C1;" valign="middle"> <a href="{{.URL}}" rel="noopener noreferrer" style="display:inline-block;background:#5282C1;color:#ffffff;font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:16px;font-weight:normal;line-height:120%;margin:0;text-decoration:none;text-transform:none;padding:10px 25px;mso-padding-alt:0px;border-radius:3px;"
                                                                                                                                                                                                                                                                                 target="_blank">
                                                                                                            {{.ButtonText}}
                                                                                                        </a> </td>