• Jan Provaznik's avatar
    Redact unsubscribe links in issuable texts · 207a4ae9
    Jan Provaznik authored
    It's possible that user pastes accidentally also unsubscribe link
    which is included in footer of notification emails. This unsubscribe
    link contains personal token which attacker then use to act as the
    original user (e.g. for sending comments under his/her identity).
    207a4ae9
enqueue_redact_links_spec.rb 1.92 KB