From 5ff883bc695084e8cf5238fedefd97d502c7fa61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gast=C3=B3n=20Fournier?= <gaston@getunleash.io>
Date: Tue, 11 Apr 2023 16:13:59 +0200
Subject: [PATCH] fix: security vulnerability (#3497)

This was an oversight of https://github.com/Unleash/unleash/pull/3402
---
 src/lib/routes/admin-api/email.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/routes/admin-api/email.ts b/src/lib/routes/admin-api/email.ts
index a58458664e..06e8275f48 100644
--- a/src/lib/routes/admin-api/email.ts
+++ b/src/lib/routes/admin-api/email.ts
@@ -41,7 +41,7 @@ export default class EmailController extends Controller {
         const { template } = req.params;
         const ctx = req.query;
         const data = await this.emailService.compileTemplate(
-            template,
+            sanitize(template),
             TemplateFormat.PLAIN,
             ctx,
         );