cubicweb #2522526 The ErrorView can be hacked to send spam [done]

The content of the message sent by email when hitting the "Submit" button in the ErrorView generated page, the sent content is included in the HTML page in a hidden textarea. It's thus easy to forge an email sent by the CW server with arbitrary content.

However, this is not a critical security issue since the recipients of the email cannot be forged.

A possible solution to this issue is to digitally sign the content of the hidden textarea.

done in3.15.6
load left0.000
closed by#797fc2e2fb78 [web] add a digital signature to error form (closes #2522526)