I want my email alerts to be more user-friendly.
In order to do so, I made some styled email templates (with mustache expressions) using css. Unfortunately i can't paste them here.
According to the Watcher HTML Sanitization Documentation, _style attributes are disabled in order to avoid XSS through CSS.
This is reasonable, but i want to find a way to send really neatly decorated emails to my clients. My concern is not about what tags and attributes are supported by email clients (i have control on this in my case), but how to send formatted and user friendly mails safely.
I am not really worried about XSS on client side, but mostly about XSS affecting the ELK environment.
Is it only a matter of allowing specific tags and attributes in a way that avoids XSS? or is there any built in solution in watcher for safly sending decorated mails?