You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While looking at some template injection vulnerabilities, I've spotted that you can bypass newline truncation (defined here or here) by sending the dreaded unicode 'hangul filler' character in our personalisations.
This could be utilised by a dodgy character who wants to hide some portion of the email content (if, say, they've utilised template injection to create a phishing email)
This can be represented using the following unicode sequence: ㅤ
The below screenshot shows how it appears in notify:
The text was updated successfully, but these errors were encountered:
Hi there,
While looking at some template injection vulnerabilities, I've spotted that you can bypass newline truncation (defined here or here) by sending the dreaded unicode 'hangul filler' character in our personalisations.
This could be utilised by a dodgy character who wants to hide some portion of the email content (if, say, they've utilised template injection to create a phishing email)
This can be represented using the following unicode sequence:
ㅤ
The below screenshot shows how it appears in notify:
The text was updated successfully, but these errors were encountered: