HTML encode sanitized inputs for email templates (#1138)

2025-05-22 03:54:33 -05:00 · 2021-02-11 14:39:13 -05:00 · 2021-02-11 14:39:13 -05:00 · 7c9ea83ad2
commit 7c9ea83ad2
parent 6cc317c4ba
1 changed files with 3 additions and 2 deletions
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -503,9 +503,10 @@ namespace Bit.Core.Utilities

        public static string SanitizeForEmail(string value)
        {
-            return value.Replace("@", "[at]")
+            var cleanedValue = value.Replace("@", "[at]")
                .Replace("http://", string.Empty)
                .Replace("https://", string.Empty);
+            return HttpUtility.HtmlEncode(cleanedValue);
        }

        public static string DateTimeToTableStorageKey(DateTime? date = null)