umputun / remark42 / 28475322963
84%

Build:
DEFAULT BRANCH: master
Ran 30 Jun 2026 08:59PM UTC
Jobs 1
Files 52
Run time 1min
30 Jun 2026 08:56PM UTC coverage: 84.325% (+0.03%) from 84.293%
Build 28475322963 · push · github · umputun
Sanitize comment text in email notifications (GHSA-74pc-3r2m-ppx3)

Email notification templates rendered the comment HTML via text/template,
so the store-level UGC sanitizer's permitted <a> and <img> tags reached
the email body verbatim. An authenticated user could plant phishing links
and remote tracking pixels in notification emails sent from the legitimate
remark42 address.

Switch notify to html/template (auto-escaping every non-HTML field) and
add a stricter email-only bluemonday policy that drops <a> and <img> while
keeping basic text formatting; the sanitized comment HTML is passed as
template.HTML. Add regression tests asserting links and images are stripped
while anchor text and formatting survive.

17 of 17 new or added lines in 1 file covered. (100.0%)

6380 of 7566 relevant lines covered (84.32%)

34.57 hits per line

Jobs
ID | Job ID | Ran | Files | Coverage
1 | 28475322963.1 | 30 Jun 2026 08:59PM UTC | 52 | 84.32
GitHub Action Run
Source Files on build 28475322963
  • Tree
  • List 52
  • Changed 1
  • Source Changed 0
  • Coverage Changed 1
  • 3e18681c on github
  • Prev Build on master (#28464215157)
  • Next Build on master (#28476929092)