
fix(notifications-email): Use a for urls #10193

Merged: 1 commit merged into DefectDojo:bugfix from fix_email_urls on May 13, 2024

Conversation

kiblik (Contributor)

@kiblik kiblik commented May 13, 2024

Some URLs have not been displayed as links.

@github-actions github-actions bot added the ui label May 13, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings:

  Configured Codepaths Analyzer: 0 findings
  Sensitive Files Analyzer:      0 findings
  AppSec Analyzer:               0 findings
  Authn/Authz Analyzer:          0 findings
  Secrets Analyzer:              0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on improving the user experience of email notifications in the Defect Dojo application. The changes involve wrapping the URLs in the email templates with HTML anchor tags (<a>) to make them more user-friendly and clickable. From a security perspective, these changes do not introduce any obvious vulnerabilities, as the templates are using Django's built-in template engine, which provides protection against common web application vulnerabilities, such as cross-site scripting (XSS) and cross-site request forgery (CSRF).

Additionally, the templates are using the {% autoescape on %} tag to ensure that all user-provided content is properly escaped, further reducing the risk of XSS vulnerabilities. The overall implementation appears to be security-conscious and in line with best practices for handling user input and rendering dynamic content in web applications.

Files Changed:

  1. dojo/templates/notifications/mail/review_requested.tpl: The URL for reviewing the finding is now wrapped in an HTML anchor tag (<a>) instead of being displayed as plain text, making it more user-friendly and easier to click on.

  2. dojo/templates/notifications/mail/report_created.tpl: The report URL is now displayed as a clickable link, making it easier for the recipient to access the report directly.

  3. dojo/templates/notifications/mail/user_mentioned.tpl: The URL for the mentioned content is now wrapped in an HTML anchor tag (<a>) to provide a clickable link.

  4. dojo/templates/notifications/mail/other.tpl: The event URL is now displayed as a clickable link, replacing the previous plain text display.

Overall, these code changes appear to be focused on improving the user experience of the email notifications without introducing any significant security concerns.

Powered by DryRun Security
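The bot's summary rests on one mechanism: with `{% autoescape on %}`, every `{{ url }}` placed inside `<a href="...">...</a>` is HTML-escaped in both the attribute and the text context. The following is an added example, not DefectDojo's code and not the project's real `.tpl` templates; it uses a constructed template string and Python's stdlib `html.escape` as a stand-in for Django's escape filter. It also shows the one thing autoescaping does not do, which a practitioner reviewing this change should keep in mind: escaping neutralises markup characters but does not check that the link target is an http(s) URL, so a scheme allow-list is kept separate. The helper names (`render_anchor`, `is_safe_link_target`, `render_notification_link`) and the sample URLs are assumptions made for this example.

```python
"""Added example (not DefectDojo code): render an e-mail notification line that
wraps a URL in an anchor tag, the way the PR's templates do, and show what
HTML autoescaping does and does not cover.

Assumptions: the template string, helper names and sample URLs below are
constructed for this example; html.escape stands in for Django's autoescape.
"""
import html
from urllib.parse import urlsplit

# Constructed stand-in for a Django template line such as
#   <a href="{{ url }}">{{ url }}</a>
# rendered under {% autoescape on %}: every {{ url }} is escaped.
ANCHOR_TEMPLATE = '<p>Event: <a href="{href}">{text}</a></p>'

# Notification links should point back at the application over http(s).
ALLOWED_SCHEMES = {"http", "https"}


def render_anchor(url: str) -> str:
    """Escape the URL for both the attribute context and the text context.

    html.escape(quote=True) turns & < > " ' into entities, the same set
    Django's escape filter handles, so a quote in the URL cannot end the
    href attribute and an angle bracket cannot open a new tag."""
    escaped = html.escape(url, quote=True)
    return ANCHOR_TEMPLATE.format(href=escaped, text=escaped)


def is_safe_link_target(url: str) -> bool:
    """Autoescaping does not validate the URL scheme; do that here.

    Accept only http(s) URLs that carry a host; anything else (a bare
    word, a relative path, another scheme) is not hyperlinked."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_notification_link(url: str) -> str:
    """Always escape; only hyperlink targets that pass the scheme check.

    For a rejected target the value is still shown, escaped, as plain text
    so the recipient loses no information."""
    if not is_safe_link_target(url):
        return "<p>Event: " + html.escape(url, quote=True) + "</p>"
    return render_anchor(url)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (
        "https://dojo.example/finding/42",
        'https://dojo.example/?q=<b>"x"',
        "ftp://files.example/report",
        "not-a-url",
    ):
        print(render_notification_link(sample))
```

Running the block prints the rendered line for each constructed sample: the plain URL becomes a clickable anchor, the URL containing `<` and `"` is rendered with `&lt;` and `&quot;` in both the attribute and the link text, and the two non-http(s) values are shown escaped but not hyperlinked.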

mtesauro (Contributor) left a comment:

Approved

@mtesauro mtesauro merged commit 90d56b7 into DefectDojo:bugfix May 13, 2024
122 checks passed
@kiblik kiblik deleted the fix_email_urls branch May 13, 2024 15:15
5 participants