From 0edf3725266b3314dbbd29dfd5b97e352e963585 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Mon, 8 Oct 2018 10:29:38 +0300
Subject: [PATCH] Sanitize HTML emails
---
 app/Ninja/Mailers/ContactMailer.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/Ninja/Mailers/ContactMailer.php b/app/Ninja/Mailers/ContactMailer.php
index 9901f5e3e..0a9a00111 100644
--- a/app/Ninja/Mailers/ContactMailer.php
+++ b/app/Ninja/Mailers/ContactMailer.php
@@ -188,8 +188,14 @@ class ContactMailer extends Mailer
 }
 }
+ $body = $this->templateService->processVariables($body, $variables);
+
+ if (Utils::isNinja()) {
+ $body = \HTMLUtils::sanitizeHTML($body);
+ }
+
 $data = [
- 'body' => $this->templateService->processVariables($body, $variables),
+ 'body' => $body,
 'link' => $invitation->getLink(),
 'entityType' => $proposal ? ENTITY_PROPOSAL : $invoice->getEntityType(),
 'invoiceId' => $invoice->id,
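Review bot: The sanitizer runs only inside `if (Utils::isNinja())`, so any deployment where that check is false still puts the unsanitized result of `processVariables()` into `'body'`, although the commit title promises sanitized HTML emails in general. If the restriction is deliberate (presumably because self-hosted operators author their own templates), say so in a comment above the condition, for example `// Hosted only: template HTML comes from tenants, not from the operator`; otherwise call `$body = \HTMLUtils::sanitizeHTML($body);` unconditionally. Running it after variable substitution is the right order, since substituted values are cleaned too, but `sanitizeHTML` is not shown here, so a test should confirm it keeps the link and button markup that the substitution generates. The enclosing method starts and ends outside this hunk.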