[wp-meta] [Making WordPress.org] #5587: Skip sanitization of code snippets in forum replies email notifications
Making WordPress.org
noreply at wordpress.org
Wed Feb 24 23:42:40 UTC 2021
#5587: Skip sanitization of code snippets in forum replies email notifications
----------------------------+---------------------
Reporter: YordanSoares | Owner: (none)
Type: defect | Status: new
Priority: high | Milestone:
Component: Support Forums | Resolution:
Keywords: |
----------------------------+---------------------
Comment (by dd32):
I'm fairly sure that this isn't going to be a WordPress.org support forum
specific thing, and is probably more likely going to be a core bbPress
bug? That will probably have to be fixed upstream.
Replying to [comment:2 vladytimy]:
> Do we have any security concerns about skipping sanitisation of code
> snippets in mails?
I don't think there's any issue with security and emails, these are
(unfortunately) sent as plain-text emails currently though.
Part of me questions if we'd be better off sending these as HTML emails
though? Just since the output is already designed for inclusion in an HTML
email :)
> We could replace code snippets in emails with "In order to correctly
> view the proposed code snippet, click the reply link below" but forcing
> people to only read code in the forum may be received as evil in some
> cases.
I don't think that's completely horrible, but I don't think it's exactly a
good user experience either. Just because the existing result isn't a good
UX, doesn't mean we should replace it with a different bad UX.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5587#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
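
The plain-text versus HTML distinction discussed in this comment, as an added example that is not part of the original message and is not bbPress code: one stored reply is rendered into a text/plain part (markup stripped, entities decoded once) and a text/html part (encoding kept). The stored format, sample reply, addresses and function names are assumptions made for the illustration.

```python
import html
import re
from email.message import EmailMessage

# Constructed sample: a reply as assumed to be stored by the forum, already
# sanitized, with the snippet entity-encoded inside <pre><code>.
STORED_REPLY = (
    "<p>Try this in your theme:</p>\n"
    "<pre><code>&lt;?php if ( $a &amp;&amp; $b ) "
    "{ echo '&lt;b&gt;ok&lt;/b&gt;'; } ?&gt;</code></pre>"
)

TAG_RE = re.compile(r"<[^>]+>")


def to_plain_text(stored: str) -> str:
    """Body for text/plain: mail clients do not parse it as markup, so
    entities left in place would be shown to the reader literally."""
    # Strip real markup first, while the snippet's own '<' and '>' are still
    # encoded, so code that looks like tags is not removed.
    text = TAG_RE.sub("", stored)
    # Decode exactly once: a snippet that itself discusses "&lt;" (stored as
    # "&amp;lt;") must come out as "&lt;", not "<".
    return html.unescape(text)


def to_html(stored: str) -> str:
    """Body for text/html: keep the encoding, because here the client does
    parse markup and a decoded snippet would be rendered, not displayed."""
    return stored


def build_notification(stored: str, to_addr: str) -> EmailMessage:
    """Build a multipart/alternative notification from one stored reply."""
    msg = EmailMessage()
    msg["Subject"] = "New reply"          # hypothetical subject
    msg["From"] = "noreply@example.org"   # hypothetical sender
    msg["To"] = to_addr
    msg.set_content(to_plain_text(stored))                # text/plain part
    msg.add_alternative(to_html(stored), subtype="html")  # text/html part
    return msg


if __name__ == "__main__":
    print(build_notification(STORED_REPLY, "user@example.org"))
```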