- notificationService buildEmailHtml: the message line interpolated bill.name
raw (`<strong>${bill.name}</strong> is due…`) while the detail table escaped
it; a `<img src=x onerror=…>` name landed unescaped in the email HTML. Now
escaped everywhere. (self-XSS — reminders go to the bill's owner — but a clear
inconsistent-escaping defect)
- expose buildEmailHtml via _email; add an escaping test across all 4 email types
- docs: archive QA-B14-04
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
| Name |
|---|
| images |
| Authentik-Integration.md |
| CSRF-SPA-Setup.md |
| Engineering_Reference_Manual.md |
| Engineering_Reference_promp.md |
| QA_PLAN.md |
| RATE_LIMITING_ENHANCEMENT.md |
| ROADMAP_REDESIGN_PLAN.md |
| ROADMAP_UI_AUDIT.md |
| UI_IMPROVEMENTS.md |
| advisory_non_bill_transaction_filters_us_ms_5000.json |
| cents-migration-plan.md |
| merchant_store_match_us_nems_online_5k_v0_2.json |
| top_200_us_subscriptions.csv |
| top_200_us_subscriptions_researched_2026-06-06.json |