ok with approving this just as a fix, but i thought this wasn't ideal because the burden of remembering to escape falls on the dev rather than it being a one off fix.
i was thinking of something more along the lines of escapeTemplateArguments which takes T extends BaseEmailTemplateData and what it would do is escape any string argument or array/object of string. then, we'd call it like so:
const templates = escapeTemplateArguments(_templates) (where _templates are teh existing templates)
this makes it a one-off fix that's future proof also since sending emails is quite a common workflow
Originally posted by @seaerchin in #2223 (review)
ok with approving this just as a fix, but i thought this wasn't ideal because the burden of remembering to escape falls on the dev rather than it being a one off fix.
i was thinking of something more along the lines of
escapeTemplateArgumentswhich takesT extends BaseEmailTemplateDataand what it would do is escape any string argument or array/object of string. then, we'd call it like so:const templates = escapeTemplateArguments(_templates)(where_templatesare teh existing templates)this makes it a one-off fix that's future proof also since sending emails is quite a common workflow
Originally posted by @seaerchin in #2223 (review)