Allow sanitise_content_for arg in send_email_notification endpoint#276
Allow sanitise_content_for arg in send_email_notification endpoint#276CrystalPea wants to merge 3 commits into
Conversation
CrystalPea
force-pushed
the
allow_sanitise_content_for_placeholder_when_sending_email
branch
3 times, most recently
from
60e00bb to
3e9cdbe
Compare
CrystalPea
changed the title
CrystalPea
force-pushed
the
allow_sanitise_content_for_placeholder_when_sending_email
branch
2 times, most recently
from
14e2242 to
948885d
Compare
So that seervice users can tell us to sanitise content for specific placeholders. This is part of the work to mitigate against the placeholder injection vulnerability. Also add sanitised_content attribute to the response schema - this is new response attribute where we tell service users when a content they told us to sanitise was actually altered as a result.
CrystalPea
force-pushed
the
allow_sanitise_content_for_placeholder_when_sending_email
branch
from
948885d to
1902b7d
Compare
kr8n3r
left a comment
kr8n3r
left a comment
There was a problem hiding this comment.
this is in line with what api is set to accept and return alphagov/notifications-api#4841
|
I need to add new version |
| "required": ["id", "content", "uri", "template"], | ||
| } | ||
|
|
||
| # TODO: this doesn't seem to be used anywhere, do we still need it? |
There was a problem hiding this comment.
The PR that added this seems to indicate that notification_schemas.py was intended to be the same as its's API counterpart https://github.com/alphagov/notifications-api/blob/main/app/v2/notifications/notification_schemas.py so everything was copied over.
I think it is good to leave the TODO heading in this PR so it can be revisited in the future.
To release "Sanitise personalisation" feature.
|
Since I linked to the documentation in the CHANGELOG, I think it's actually good if this change and the documentation are released around the same time. Still, we have to fix the release pipeline for this before anything gets released, so 🤷🏼♀️ |
Co-authored-by: Chris Hill-Scott <me@quis.cc>
4 participants
So that users can tell us to sanitise content for specific placeholders. This is part of the work to mitigate against the placeholder injection vulnerability.
What problem does the pull request solve?
Checklist
CHANGELOG.mdnotifications_python_client/__init__.pynotifications-python-client/scripts/generate_docker_env.shnotifications-python-client/tox.iniCONTRIBUTING.md