eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-06-28 06:56:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,847 Commits 2 Branches 191 Tags
5c03d891090317fdf653a9cf6a4505455d58e997
Commit Graph

243 Commits

Author SHA1 Message Date
Ralph Slooten
499a543963 Feature: New loading indicator, reduce flash during message transitions (#682) 2026-05-12 15:27:12 +12:00
Ralph Slooten
8b4c9d1267 Update AppAbout.vue: Enhance version notification display for stable and development builds 2026-05-10 10:41:38 +12:00
Ralph Slooten
10430f7dce Chore: Improve iframe height adjustment with optional chaining 2026-05-05 17:41:17 +12:00
Ralph Slooten
9dd1e99f52 Fixes for eslint validation 2026-03-29 17:40:43 +13:00
Ralph Slooten
dc9b8d54b7 Security: Add sandbox attribute to message iframe for extra later of security (already protected via CSP headers) 
Note that this does not provide any additional security as such as the CSP headers do this, however it is another barrier when it comes to bypass attempts.
 2026-03-28 08:01:51 +13:00
Ralph Slooten
9c2359eee5 Feature: Add filter functionality to message headers tab 
This implementation is based on, and resolves, #626
 2026-03-22 17:40:54 +13:00
Ralph Slooten
140633718c Chore: Limit subject length to 100 characters in browser notifications 2026-03-10 11:31:21 +13:00
Ralph Slooten
f40911c580 Security: Escape ContentID in HTML replacement to prevent regex injection 2026-03-10 11:27:47 +13:00
Ralph Slooten
3073ef9afe Chore: Replace localStorage retrieval with a dedicated function for default release addresses 2026-03-10 11:20:33 +13:00
Ralph Slooten
804d49b7ca Chore: Set margin & padding to HTML screenshot to prevent transparent top/left border 2026-03-10 11:09:28 +13:00
Ralph Slooten
7d29dff5e7 Security: Enhance HTML sanitization in screenshot generation 2026-03-10 10:24:40 +13:00
Ralph Slooten
bc8a737d4f Chore: Simplify HTML decoding function in screenshot generation using DOMParser 2026-03-10 10:04:47 +13:00
Ralph Slooten
b99be839a0 Security: Enhance HTML sanitization in message view 2026-03-10 10:02:10 +13:00
Ralph Slooten
7bb330a07a Chore: Use last release + git hash in Docker edge versions 2026-03-02 22:38:38 +13:00
Ralph Slooten
08ed46fc46 Use const instead of let 2026-02-21 22:43:51 +13:00
Ralph Slooten
c8caa29e24 Fix: Enable "Mark all read" button (Inbox) when new message is received 2026-02-09 15:38:11 +13:00
Ralph Slooten
e6fd638067 Detect if copy to clipboard is supported 2026-02-01 16:09:49 +13:00
Ralph Slooten
9b4ec97483 Minor UI tweaks 2026-02-01 15:44:13 +13:00
Ralph Slooten
dd74d46880 Feature: Option to display/hide attachment information in message view in web UI including checksums, content type & disposition 
Resolves #625
 2026-02-01 15:34:06 +13:00
Ralph Slooten
7cda4a36f1 Chore: Allow @ character in message tags & set max length to 100 characters per tag 2026-01-17 11:12:45 +13:00
Ralph Slooten
3108d82e06 Fix: Correctly render default addresses in release modal after settings change (#594) 2026-01-10 22:19:18 +13:00
Ralph Slooten
c5c9292863 More reliable handling for default release email editing 2026-01-10 15:56:19 +13:00
Ralph Slooten
877a9159ce Delay bootstrap-tags init until after render 2026-01-08 16:23:24 +13:00
Ralph Slooten
c4582889ad Update default release address wording 2026-01-08 16:20:00 +13:00
Ralph Slooten
392904fd23 Chore: Avoid empty URL query parameter when returning to inbox from message view 2026-01-08 16:03:35 +13:00
Ralph Slooten
f0160c0e29 Feature: Allow default mail addresses to be set when releasing message (#594) 2026-01-08 16:03:35 +13:00
Ralph Slooten
f9024d1f77 Chore: Remove webkit warnings about missing template / render functions 2026-01-08 16:03:34 +13:00
Ralph Slooten
3b9b470c09 Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr) 
This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.

See CWE-918 Server-Side Request Forgery (SSRF)
 2026-01-06 15:33:50 +13:00
Ralph Slooten
cde80bf0fd Chore: Add tooltip to messages nav dropdown 2025-09-29 17:07:40 +13:00
Ralph Slooten
ae65312d02 Chore: Update navbar theme to use data-bs-theme attribute for consistency 2025-09-26 14:50:27 +12:00
Ralph Slooten
0770bd8d19 Chore: Add margin to icons in release and delete buttons for consistent spacing 2025-09-26 14:50:06 +12:00
Ralph Slooten
e2314fb3b9 Chore: UI tweaks to pagination layout for clearer navigation (#568) 2025-09-26 14:48:51 +12:00
Ralph Slooten
cce21854b9 Chore: Refactor JS functions and remove unused parameters 2025-07-24 17:27:11 +12:00
Ralph Slooten
75504c7bba Fix: Support angle brackets for text/plain URLs with spaces (#535) 2025-07-18 23:43:05 +12:00
Ralph Slooten
2d1fb7cf14 Chore: Allow unknown href link protocols in HTML view such as myapp:// (#532) 2025-07-01 08:01:09 +12:00
Ralph Slooten
3fff79e29f Chore: Apply linting to all JavaScript/Vue files with eslint & prettier 2025-06-20 23:26:06 +12:00
Ben Edmunds
95e3ef6fca Feature: Allow version checking to be disabled (#524) 2025-06-19 22:29:20 +12:00
Ralph Slooten
4b5ce0afed Feature: Store username with messages, auto-tag, and UI display (#521) 2025-06-18 16:41:04 +12:00
Ralph Slooten
fed20de522 Feature: Add relay config to preserve (keep) original Message-IDs when relaying messages (#515) 2025-06-07 11:38:25 +12:00
Ralph Slooten
91409310d7 Chore: Lighten outline-secondary buttons in dark mode 2025-05-23 23:19:54 +12:00
Ralph Slooten
a1c2690c44 Use text-muted instead of text-secondary 2025-05-18 10:31:39 +12:00
Ralph Slooten
bf5609a39b Chore: Adjust UI margin for side navigation 2025-05-18 10:31:36 +12:00
Ralph Slooten
4ed5011a8f Chore: Tweak UI to improve contrast between read & unread messages 2025-05-18 10:31:28 +12:00
Ralph Slooten
d0716b4995 Feature: Add option to hide the "Delete all" button in web UI (#495) 2025-05-17 12:28:35 +12:00
Matt Currie
05375fed7a Feature: Display unread count in app badge (#485) 
* Display unread count in app badge

* Rate limit app badge updates
 2025-04-30 17:34:46 +12:00
Ralph Slooten
1400936760 Feature: Add ability to mark all search results as read (#476) 2025-04-06 18:11:37 +12:00
Ralph Slooten
39886cf57c Fix: Prevent cropping bottom of label characters in web UI (#457) 2025-03-08 22:49:07 +13:00
Ralph Slooten
9a1f3a6bb5 Chore: Replace PrismJS with highlight.js for HTML syntax highlighting 2025-03-05 17:14:06 +13:00
Ralph Slooten
86b5524217 Feature: Add optional UI setting to skip "Delete all" & "Mark all read" confirmation dialogs(#428) 2025-02-02 15:31:18 +13:00
Ralph Slooten
e2fab49873 Update relay modal wording 2025-01-26 09:48:05 +13:00