If a user triggers an e-mail notification (by editing another user's talk page, for example) and the edit summary contains a template ("{{foo}}", for example), the template is expanded in the notification e-mail.
A snippet from a recent e-mail notification from the English Wikipedia where the edit summary originally contained "{{User page}} (get rid of it if you want). Consider it to be a suggestion.":
The Wikipedia page "User talk:MZMcBride" has been changed on
25 February 2012 by 7&6=thirteen, with the edit summary: <table
class="plainlinks ombox
ombox-notice " style="margin-left: 0; margin-right: 0; border:1px solid
#ffc9c9; background-color: #fffff3;">
<tr>
<td class="mbox-empty-cell"></td>
<td class="mbox-text" style="font-size: 85%; text-align: center">
I played around with https://test.wikipedia.org/wiki/Template:ENotif_expansion_test to see if you could fool an e-mail client into using the wrong subject line. It seems my e-mail client (Microsoft Entourage) is smart enough to not be fooled, at least.
Between the unsanitized HTML and the ability to insert header lookalikes, this feels very dirty. I haven't yet been able to exploit this template expansion with my e-mail client, but I'm not so sure I trust other e-mail clients (cf. bug 25231) to behave reasonably.
There's no real point in the template expansion of the edit summaries, as far as I can tell. I think it should be removed, though this may upset people if they've been relying on the behavior as a hack of some kind.
Version: unspecified
Severity: major
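The behaviour described above, reduced to a runnable sketch. This is an added example, not MediaWiki's code: the template registry, the toy expander, the mail text and the subject line are all constructed stand-ins. It shows the notification body built the reported way (summary expanded before interpolation, so HTML and "Header: value" lines from the template land in the mail), a hardened builder that uses the summary as typed and folds line breaks, a check that flags header-lookalike lines in a body, and a confirmation that a conforming RFC 5322 parser keeps the real subject regardless of what the body contains.

```python
"""Added example (not MediaWiki code): edit-summary template expansion
leaking HTML and header-lookalike lines into a plain-text notification."""
import re
from email import message_from_string

# Constructed stand-in for a wiki's template namespace (assumption).
TEMPLATES = {
    "User page": (
        '<table class="plainlinks ombox ombox-notice" style="margin-left: 0;">\n'
        "<tr>\n"
        '<td class="mbox-text">This is a user page.</td>\n'
        "</tr>\n"
        "</table>"
    ),
    # A template crafted to emit lines that look like mail headers.
    "ENotif_expansion_test": (
        "\n\nSubject: Your account has been compromised\n"
        "From: security@example.org\n\n"
        "Please visit http://example.org/reset"
    ),
}

TEMPLATE_RE = re.compile(r"\{\{\s*([^{}|]+?)\s*(?:\|[^{}]*)?\}\}")


def expand_templates(wikitext: str) -> str:
    """Toy single-pass expansion: {{Name}} -> TEMPLATES['Name'] (not MediaWiki's parser)."""
    return TEMPLATE_RE.sub(lambda m: TEMPLATES.get(m.group(1), m.group(0)), wikitext)


def notification_vulnerable(page: str, user: str, date: str, summary: str) -> str:
    """Mirrors the reported behaviour: the summary is expanded before it is
    interpolated into the body, so whatever the template emits (HTML, blank
    lines, 'Header: value' lines) appears in the mail verbatim."""
    return (
        f'The Wikipedia page "{page}" has been changed on\n'
        f"{date} by {user}, with the edit summary: {expand_templates(summary)}\n"
    )


def notification_hardened(page: str, user: str, date: str, summary: str) -> str:
    """Uses the summary exactly as the editor typed it (no expansion) and
    folds any line breaks, so the summary can never start a new body line."""
    flat = " ".join(summary.splitlines())
    return (
        f'The Wikipedia page "{page}" has been changed on\n'
        f"{date} by {user}, with the edit summary: {flat}\n"
    )


HEADER_LOOKALIKE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:[ \t]", re.M)
HTML_TAG_RE = re.compile(r"<[A-Za-z/][^>]*>")


def find_header_lookalikes(body: str) -> list:
    """Names of body lines shaped like RFC 5322 header fields ('Subject: ...').
    A conforming client ignores them (headers end at the first blank line);
    a lenient or buggy client is what might not."""
    return [m.group(0).rstrip(": \t") for m in HEADER_LOOKALIKE_RE.finditer(body)]


def contains_html(body: str) -> bool:
    """True if the body carries raw HTML tags."""
    return HTML_TAG_RE.search(body) is not None


def parsed_subject(body: str) -> str:
    """Wrap the body in a constructed header block and parse it: the real
    Subject survives even when the body contains 'Subject:' lines."""
    raw = (
        "From: wiki@example.org\n"
        "To: user@example.org\n"
        "Subject: Page changed (constructed)\n\n" + body
    )
    return message_from_string(raw)["Subject"]


if __name__ == "__main__":
    summary = "{{User page}} (get rid of it if you want). {{ENotif_expansion_test}}"
    args = ("User talk:MZMcBride", "7&6=thirteen", "25 February 2012", summary)
    bad, good = notification_vulnerable(*args), notification_hardened(*args)
    print(bad)
    print("html:", contains_html(bad), "lookalikes:", find_header_lookalikes(bad))
    print(good)
    print("html:", contains_html(good), "lookalikes:", find_header_lookalikes(good))
    print("parsed subject of the bad mail:", parsed_subject(bad))
```

The hardened builder does what the report proposes: it stops expanding the summary, so `{{User page}}` reaches the recipient as the literal text the editor wrote. Folding line breaks is the extra caveat: even without expansion, nothing interpolated into a mail body should be allowed to begin a new line of its own choosing.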