Fixed XSS issue in To field

[tonioo]

No description provided.

[codecov]

Codecov Report

Base: 77.53% // Head: 77.53% // No change to project coverage 👍

Coverage data is based on head (8f4e51b) compared to base (dd4ab50).
Patch has no changes to coverable lines.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #244   +/-   ##
=======================================
  Coverage   77.53%   77.53%           
=======================================
  Files          24       24           
  Lines        2195     2195           
=======================================
  Hits         1702     1702           
  Misses        493      493           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[JeffreyGaor]

Hi @tonioo

Good day!

Thank you for your update.

It was my pleasure to secure modoboa-webmail.

I can see that my payload previously used ( Bounty"><script>alert(document.cookie);</script>) to trigger XSS when composing email in "TO" field is no longer working.

Moreover, by any chance that you could apply or assign a CVE for the reported vulnerability, please?

Your help is highly appreciated.

Thank you so much.

Regards,
Jeffrey