I have the ability to send email messages to users on the site. Do I need to process messages from XSS?
Hello! On my site, users' emails are hidden. So that users can contact each other, I wrote a form through which a message is sent to the email of the user whom the other user wants to contact.
I have a question. Do I need to handle user messages from XSS? Or does it not make sense, since mailboxes have good protection and XSS will not work anyway?
The fact that some email clients have XSS protection does not mean that you do not need to do it.
And how will the user write the answer? Do you send a letter with the sender's email address?
Usually, either the mail is open, or the site has its own PM system, and only notifications come to the mail.
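An added example, not part of the original thread: one way to build the notification email so that user-supplied text is inert in any mail client that renders HTML. It assumes a Python backend; the function names, the template and the `noreply@example.org` sender address are hypothetical.

```python
import html
from email.message import EmailMessage

# Hypothetical HTML template; only the escaped values are substituted into it.
HTML_TEMPLATE = """\
<html><body>
<p>{sender} sent you a message:</p>
<blockquote>{body}</blockquote>
</body></html>"""


def build_contact_email(recipient, sender_name, message_text):
    """Build a notification email in which user-controlled text cannot become markup."""
    msg = EmailMessage()
    msg["To"] = recipient
    msg["From"] = "noreply@example.org"  # assumed site address; sender's email stays hidden
    msg["Subject"] = "New message from a site user"

    # Plain-text part: clients display it verbatim, no markup is interpreted.
    msg.set_content(f"{sender_name} sent you a message:\n\n{message_text}")

    # HTML part: escape every user-controlled value before it enters the template.
    safe_sender = html.escape(sender_name, quote=True)
    safe_body = html.escape(message_text, quote=True).replace("\n", "<br>\n")
    msg.add_alternative(
        HTML_TEMPLATE.format(sender=safe_sender, body=safe_body), subtype="html"
    )
    return msg


def html_part(msg):
    """Return the decoded HTML alternative of the message."""
    return msg.get_body(preferencelist=("html",)).get_content()


if __name__ == "__main__":
    # Constructed sample input containing markup a user might submit.
    sample = build_contact_email(
        "bob@example.com",
        "Mallory <img src=x onerror=alert(1)>",
        "Hi\n<script>alert(1)</script>",
    )
    print(html_part(sample))
```

The same escaping applies if the message is also shown on the site itself, for example in a private-message inbox.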