quantranhong1999 opened a new pull request, #2705: URL: https://github.com/apache/james-project/pull/2705
Previously, we did HTML escaping for almost all possible characters. cf https://github.com/apache/james-project/pull/2593 The highlight rendering could be ugly. e.g. the slash `/` character was escaped. `subject": "<mark>Work</mark> from home request (Monday 31/03)"`. Following JMAP SearchSnippet specs (https://jmap.io/spec-mail.html#search-snippets): `&` (ampersand), `<` (less-than sign), and `>` (greater-than sign) characters **MUST** be escaped, while the remaining characters **MAY** depend on server choice. Let's balance between security and visibility IMO: escape the 3 **MUST** `&` `<` `>` characters, and relax escaping for the rest. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
