Escape anything that's not plaintext

ghga-de · Jul 22, 2024 · 36e8232 · 36e8232
1 parent 4a8b1fd
commit 36e8232
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/ns/core/notifier.py b/src/ns/core/notifier.py
@@ -123,7 +123,7 @@ def _build_email_subtype(
         a dictionary of values.
         """
         # Escape values exposed to the email in case they've been maliciously crafted
-        if template_type == EmailTemplateType.HTML:
+        if template_type != EmailTemplateType.PLAINTEXT:
             for k, v in email_vars.items():
                 if isinstance(v, list):
                     email_vars[k] = ", ".join(