Merge pull request #3373 from overleaf/jpa-block-recurly-xss

[views] subscription: block angular template evaluation for emails GitOrigin-RevId: 081314a387234dfe263b954a4206a0c8bba8b153
2025-04-21 03:13:42 +00:00 · 2020-11-09 10:35:01 +00:00 · 2020-11-09 10:35:01 +00:00 · 8e20258786
commit 8e20258786
parent f848e65a40
1 changed files with 1 additions and 1 deletions
--- a/services/web/app/views/subscriptions/dashboard/_personal_subscription_recurly_sync_email.pug
+++ b/services/web/app/views/subscriptions/dashboard/_personal_subscription_recurly_sync_email.pug
@ -8,7 +8,7 @@
 					.alert.alert-success(ng-show="updateAccountEmailAddress.response.success")
 						| #{translate('recurly_email_updated')}
 				div(ng-hide="updateAccountEmailAddress.response.success")
-					p !{translate("recurly_email_update_needed", { recurlyEmail: personalSubscription.recurly.account.email, userEmail: user.email }, ['em', 'em'])}
+					p(ng-non-bindable) !{translate("recurly_email_update_needed", { recurlyEmail: personalSubscription.recurly.account.email, userEmail: user.email }, ['em', 'em'])}
 					.actions
 						button.btn-primary.btn(
 							type='submit',