
fix: sanitize org name in outbound emails (#66857)

Attempt to prevent mail clients from auto-linking organization names
that look like or contain a domain name by inserting the _word joiner_
Unicode character before each period.
Matthew T 1 year ago
Parent
Commit
d20e05ec53

+ 2 - 1
src/sentry/templates/sentry/emails/auth-link-identity.html

@@ -1,13 +1,14 @@
 {% extends "sentry/emails/base.html" %}
 {% extends "sentry/emails/base.html" %}
 
 
 {% load i18n %}
 {% load i18n %}
+{% load sentry_helpers %}
 
 
 {% block main %}
 {% block main %}
   <h3>{{ provider.name }} SSO Enabled</h3>
   <h3>{{ provider.name }} SSO Enabled</h3>
 
 
   <p>
   <p>
     <strong>{{ provider.name }}</strong> Single Sign-On has been configured for the
     <strong>{{ provider.name }}</strong> Single Sign-On has been configured for the
-    <strong>{{ organization.name }}</strong> organization. Link your Sentry account to enable
+    <strong>{{ organization.name|sanitize_periods }}</strong> organization. Link your Sentry account to enable
     signing on with your <strong>{{ provider.name }}</strong> account.
     signing on with your <strong>{{ provider.name }}</strong> account.
   </p>
   </p>
 
 

+ 2 - 1
src/sentry/templates/sentry/emails/auth-sso-disabled.html

@@ -1,13 +1,14 @@
 {% extends "sentry/emails/base.html" %}
 {% extends "sentry/emails/base.html" %}
 
 
 {% load i18n %}
 {% load i18n %}
+{% load sentry_helpers %}
 
 
 {% block main %}
 {% block main %}
   <h3>Single Sign-On disabled</h3>
   <h3>Single Sign-On disabled</h3>
 
 
   <p>
   <p>
     <strong>{{ provider.name }}</strong> Single Sign-On has been disabled for the
     <strong>{{ provider.name }}</strong> Single Sign-On has been disabled for the
-    <strong>{{ organization.name }}</strong> organization.
+    <strong>{{ organization.name|sanitize_periods }}</strong> organization.
   </p>
   </p>
 
 
   {% if has_password %}
   {% if has_password %}

+ 1 - 1
src/sentry/templates/sentry/emails/member-invite.html

@@ -5,7 +5,7 @@
 
 
 {% block main %}
 {% block main %}
     <h3>You've been invited to Sentry</h3>
     <h3>You've been invited to Sentry</h3>
-    <p>Your teammates at <strong>{{ organization.name }}</strong> are using Sentry to track and debug software errors.</p>
+    <p>Your teammates at <strong>{{ organization.name|sanitize_periods }}</strong> are using Sentry to track and debug software errors.</p>
 
 
     <p><a href="{{ url }}" class="btn">Join your team</a></p>
     <p><a href="{{ url }}" class="btn">Join your team</a></p>
 
 

+ 1 - 1
src/sentry/templates/sentry/emails/org-auth-token-created.html

@@ -6,7 +6,7 @@
 
 
 {% block main %}
 {% block main %}
   <h3>Security Notice</h3>
   <h3>Security Notice</h3>
-  <p>User {{ actor.email }} has created a new Organization Auth Token "{{ token_name }}" for your Sentry organization {{ organization.name }}.</p>
+  <p>User {{ actor.email }} has created a new Organization Auth Token "{{ token_name }}" for your Sentry organization {{ organization.name|sanitize_periods }}.</p>
   <table>
   <table>
     <tr>
     <tr>
       <td style="width:36px;vertical-align:top;padding-right:15px;">
       <td style="width:36px;vertical-align:top;padding-right:15px;">
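Review bot: "{{ token_name }}" in the changed sentence is still rendered unfiltered, while only organization.name gets sanitize_periods. If token names are free text chosen by the user who creates the token, a name that looks like a domain will be auto-linked by mail clients in this Security Notice just as the organization name was. Suggest applying the same filter to token_name here, or stating why it is out of scope.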

+ 2 - 1
src/sentry/templates/sentry/emails/org_delete_confirm.html

@@ -1,10 +1,11 @@
 {% extends "sentry/emails/base.html" %}
 {% extends "sentry/emails/base.html" %}
 
 
 {% load i18n %}
 {% load i18n %}
+{% load sentry_helpers %}
 
 
 {% block main %}
 {% block main %}
     <h3>Organization Queued for Deletion</h3>
     <h3>Organization Queued for Deletion</h3>
-    <p>The <strong>{{ organization.name }}</strong> organization has been scheduled for deletion by:</p>
+    <p>The <strong>{{ organization.name|sanitize_periods }}</strong> organization has been scheduled for deletion by:</p>
     <p><pre>User: {{ username }}
     <p><pre>User: {{ username }}
 IP: {{ user_ip_address }}
 IP: {{ user_ip_address }}
 Date: {{ deletion_datetime }}</pre></p>
 Date: {{ deletion_datetime }}</pre></p>

+ 1 - 1
src/sentry/templates/sentry/emails/reports/body.html

@@ -214,7 +214,7 @@
         </h1>
         </h1>
       </td>
       </td>
       <td class="align-right">
       <td class="align-right">
-        <strong>Weekly Update for {{ organization.name }}</strong><br />
+        <strong>Weekly Update for {{ organization.name|sanitize_periods }}</strong><br />
         {{ start }} &ndash; {{ end }}
         {{ start }} &ndash; {{ end }}
       </td>
       </td>
     </tr>
     </tr>
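Review bot: the "Weekly Update for" line now uses sanitize_periods, but this file's stat is + 1 - 1 and the hunk starts at line 214, so no {% load sentry_helpers %} was added here, unlike the templates that gained one in this commit. Django does not inherit {% load %} from a parent template, so unless the tag is already present earlier in body.html the template will fail to compile with an invalid-filter TemplateSyntaxError. Please confirm the load tag exists. The same check applies to member-invite.html, org-auth-token-created.html and slack-migration.html, which also changed only one line.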

+ 2 - 1
src/sentry/templates/sentry/emails/setup_2fa.html

@@ -1,11 +1,12 @@
 {% extends "sentry/emails/base.html" %}
 {% extends "sentry/emails/base.html" %}
 
 
 {% load i18n %}
 {% load i18n %}
+{% load sentry_helpers %}
 
 
 {% block main %}
 {% block main %}
     <h3>Setup Two-Factor Authentication</h3>
     <h3>Setup Two-Factor Authentication</h3>
     <p>
     <p>
-        The {{ organization.name|title }} organization now requires all members to enable
+        The {{ organization.name|sanitize_periods|title }} organization now requires all members to enable
         two-factor authentication. Effective immediately, you will be unable to access
         two-factor authentication. Effective immediately, you will be unable to access
         this organization or receive its notifications until you enable at least
         this organization or receive its notifications until you enable at least
         one form of 2FA.
         one form of 2FA.
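Review bot: in "{{ organization.name|sanitize_periods|title }}" the sanitizing filter runs before title, so the result relies on title leaving the inserted U+2060 in place. That holds today, but putting sanitize_periods last in the chain (name|title|sanitize_periods) makes the final rendered string the thing that is sanitized and keeps the guarantee if another filter is added later. setup_email.html uses the same ordering.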

+ 2 - 1
src/sentry/templates/sentry/emails/setup_email.html

@@ -1,11 +1,12 @@
 {% extends "sentry/emails/base.html" %}
 {% extends "sentry/emails/base.html" %}
 
 
 {% load i18n %}
 {% load i18n %}
+{% load sentry_helpers %}
 
 
 {% block main %}
 {% block main %}
     <h3>Confirm Email</h3>
     <h3>Confirm Email</h3>
     <p>
     <p>
-        The {{ organization.name|title }} organization now requires all members to confirm
+        The {{ organization.name|sanitize_periods|title }} organization now requires all members to confirm
         their primary email address. Effective immediately, you will be unable to access
         their primary email address. Effective immediately, you will be unable to access
         this organization or receive its notifications until you confirm this email
         this organization or receive its notifications until you confirm this email
         address.
         address.

+ 1 - 1
src/sentry/templates/sentry/emails/slack-migration.html

@@ -6,7 +6,7 @@
 
 
 {% block main %}
 {% block main %}
   <h3>You're All Upgraded</h3>
   <h3>You're All Upgraded</h3>
-    Well, you're looking fresh. Your organization <strong>{{organization.name}}</strong>'s Sentry-Slack Integration for your workspace
+    Well, you're looking fresh. Your organization <strong>{{organization.name|sanitize_periods}}</strong>'s Sentry-Slack Integration for your workspace
     <strong>{{integration.name}}</strong> is all up to date and ready to report errors. If you're confused, curious, or just looking
     <strong>{{integration.name}}</strong> is all up to date and ready to report errors. If you're confused, curious, or just looking
     for some light reading, see <a href="{{ doc_link }}">our docs</a>.
     for some light reading, see <a href="{{ doc_link }}">our docs</a>.
   <br />
   <br />

+ 14 - 0
src/sentry/templatetags/sentry_helpers.py

@@ -318,3 +318,17 @@ def random_int(a, b=None):
 @register.filter
 @register.filter
 def get_item(dictionary, key):
 def get_item(dictionary, key):
     return dictionary.get(key, "")
     return dictionary.get(key, "")
+
+
+@register.filter
+@stringfilter
+def sanitize_periods(value):
+    """
+    Primarily used in email templates when a field may contain a domain name to prevent
+    email clients from creating a clickable link to the domain.
+    """
+    word_joiner = "\u2060"
+
+    # Adding the Unicode character before every period
+    output_string = value.replace(".", word_joiner + ".")
+    return output_string
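Review bot: the docstring says the filter prevents email clients from creating a link, but value.replace(".", word_joiner + ".") only touches the ASCII period and the commit message itself calls this an attempt. Suggest wording the docstring as best-effort, naming the character (U+2060 WORD JOINER) in the comment, and noting that the output carries an invisible character, so it is for display only and must not be stored or compared against the real organization name. The filter is also not idempotent: applying it twice inserts two joiners per period. Finally, this file's stat is + 14 - 0 and all 14 added lines are in this hunk, so stringfilter has to be imported already at the top of the module; worth confirming.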

Some files were not shown because too many files were changed