dcRUSTy issues

Results 4 issues of


                                            dcRUSTy

Unsafe content in HTML emails

**Describe the bug** JavaScript and external resources are allowed in "HTML version" of email which might lead to tracking and IP address leakage, and other wide range of security issues....

Separate IP whitelisting for mountebank and imposters.

#### Expected behaviour Separate IP whitelisting for mountebank and imposters. #### Actual behaviour Mountebank IP whitelisting is also forced on imposters. #### Steps to reproduce start mountebank with ipWhitelist 127.0.0.1...

security

Error when getting "long" name for timeZone Etc/UTC

new Intl.DateTimeFormat('en', { timeZone: 'Etc/UTC', timeZoneName:'long', year: 'numeric', month: 'numeric', day: 'numeric', hour: 'numeric', minute: 'numeric', }).format(new Date()) throws error "Error: unsupported value "long" for timeZone Etc/UTC. requires locale data...

Possible Escape with hardlinks.

**Apparently root is required for hardlinks** File block reads can be escaped with hardlinks. PoC ![gobox_hardlink](https://user-images.githubusercontent.com/40319304/99875322-95418800-2c14-11eb-99d6-4975d0d958d3.PNG) ![gobox_hardlink_2](https://user-images.githubusercontent.com/40319304/99875324-98d50f00-2c14-11eb-93fd-82fb0a232460.PNG)