HTML encode sanitized inputs for email templates (#1138)

2025-07-06 10:32:49 -05:00 · 2021-02-11 14:39:13 -05:00
parent 6cc317c4ba
commit 7c9ea83ad2
1 changed files with 3 additions and 2 deletions
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -503,9 +503,10 @@ namespace Bit.Core.Utilities
        public static string SanitizeForEmail(string value)
        {
-            return value.Replace("@", "[at]")
+            var cleanedValue = value.Replace("@", "[at]")
                .Replace("http://", string.Empty)
                .Replace("https://", string.Empty);
            return HttpUtility.HtmlEncode(cleanedValue);
        }
        public static string DateTimeToTableStorageKey(DateTime? date = null)