From 5369090916c509b1c5cef64698c2fda2d96a5036 Mon Sep 17 00:00:00 2001
From: oudeismetis
Date: Mon, 23 Sep 2024 09:32:11 -0400
Subject: [PATCH] Prevent bad actors injecting behavior into emails
---
 .../core/templates/_action-email-base.html | 2 ++
 .../core/templates/_alert-email-base.html | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_action-email-base.html b/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_action-email-base.html
index 063bac8a4..8dd08f7d1 100644
--- a/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_action-email-base.html
+++ b/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_action-email-base.html
@@ -1,5 +1,6 @@
 {%- raw -%}
 {% load static %}
+{% autoescape on %}
 {% comment %}
@@ -248,4 +249,5 @@
+{% endautoescape %}
 {%- endraw -%}
diff --git a/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_alert-email-base.html b/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_alert-email-base.html
index 63f06e2e3..bb46256a8 100644
--- a/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_alert-email-base.html
+++ b/{{cookiecutter.project_slug}}/server/{{cookiecutter.project_slug}}/core/templates/_alert-email-base.html
@@ -1,5 +1,6 @@
 {%- raw -%}
 {% load static %}
+{% autoescape on %}
 {% comment %}
@@ -234,4 +235,5 @@
+{% endautoescape %}
 {%- endraw -%}
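Review bot: The `{% autoescape on %}` wrapper added at the top of `_action-email-base.html`, and identically in `_alert-email-base.html`, does not neutralise values that pass through `|safe`, `mark_safe()` or a nested `{% autoescape off %}`. The template body between the opening and closing tags is outside these hunks, so it should be checked for those constructs, as should any child templates that fill its blocks. Django's template engine escapes by default, so the tag changes output only when the caller renders with autoescaping disabled. If that is the case being guarded against, a short note beside the tag would stop it being removed later as redundant, for example `{# forced on: email context may contain user-supplied text and callers may render with autoescape disabled #}`. The tag covers only the HTML body, so subject lines and plain-text parts built from the same values are untouched by it. A regression test that renders each base template with a value containing markup and asserts the output is escaped would pin the behaviour.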