fix: enhance email sanitization by trimming whitespace and normalizing input

GitHub Actions
2026-03-06 20:18:51 +00:00
parent 77a7368c5d
commit 4ebf8d23fe


@@ -246,15 +246,18 @@ func (s *NotificationService) SendExternal(ctx context.Context, eventType, title
}
// sanitizeForEmail strips ASCII control characters (0x000x1F and 0x7F DEL)
// from untrusted strings before they enter the email pipeline. This provides
// defense-in-depth alongside rejectCRLF() validation in SendEmail/buildEmail.
// and trims leading/trailing whitespace from untrusted strings before they
// enter the email pipeline. The result is a normalized, single-line string.
// This provides defense-in-depth alongside rejectCRLF() validation in
// SendEmail/buildEmail.
func sanitizeForEmail(s string) string {
return strings.Map(func(r rune) rune {
stripped := strings.Map(func(r rune) rune {
if r < 0x20 || r == 0x7F {
return -1
}
return r
}, s)
return strings.TrimSpace(stripped)
}
// dispatchEmail sends an email notification for the given provider.
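Review bot: The updated doc comment on sanitizeForEmail promises a "single-line string", but the predicate `r < 0x20 || r == 0x7F` removes only ASCII controls, so U+0085 (NEL), the other C1 controls and U+2028/U+2029 survive in the interior of the value; the new `strings.TrimSpace` trims them only at the ends. rejectCRLF() is not visible in this hunk and presumably still covers CR/LF header injection, so this is a defense-in-depth gap rather than a demonstrated bypass, but some renderers and log viewers treat those code points as line breaks. Either narrow the comment to "ASCII control characters" or widen the check to `if unicode.IsControl(r) || r == '\u2028' || r == '\u2029' {`, which needs the `unicode` import. Controls are also dropped rather than replaced, so `"a\tb"` becomes `"ab"`; a table-driven test covering interior tabs, NEL and U+2028 would pin the intended behaviour.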