fix: Cross-Site Scripting (XSS) via HTML pages for password reset and email verification [GHSA-jhgf-2h8h-ggxv](https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv) (#9985)

2025-12-14 15:44:04 +01:00
parent 7028e0385c
commit 3074eb70f5
7 changed files with 89 additions and 21 deletions
--- a/public/email_verification_link_expired.html
+++ b/public/email_verification_link_expired.html
@@ -14,9 +14,9 @@
 <body>
  <h1>{{appName}}</h1>
  <h1>Expired verification link!</h1>
-  <form method="POST" action="{{{publicServerUrl}}}/apps/{{{appId}}}/resend_verification_email">
-    <input name="token" type="hidden" value="{{{token}}}">
-    <input name="locale" type="hidden" value="{{{locale}}}">
+  <form method="POST" action="{{publicServerUrl}}/apps/{{appId}}/resend_verification_email">
+    <input name="token" type="hidden" value="{{token}}">
+    <input name="locale" type="hidden" value="{{locale}}">
    <button type="submit">Resend Link</button>
  </form>
 </body>