I'm using Django Contact Form on a website to allow visitors to send emails.
Currently, it's escaping characters, so single and double quotation marks are converted to ' and " respectively. The emails would be more readable if quotation marks were displayed as ' and ".
I understand why I should never put unescaped input from visitors into my webpages, because of the risk of XSS. Is there the same risk with emails, or is it OK to send the visitor's unescaped input?
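As an added illustration (not part of the question above, and not code from Django Contact Form): whether escaping matters depends on the content type the email is sent with, not on the fact that it is an email. A text/plain body is shown literally by the mail client, so HTML-escaping it only makes entities appear verbatim; a text/html body is rendered as markup, so visitor input there needs the same escaping as on a web page. The snippet uses the standard library's email and html modules rather than Django's helpers, and the visitor message is a constructed sample.

```python
import html
from email.message import EmailMessage

# Constructed sample of what a visitor might type into the contact form.
VISITOR_MESSAGE = 'She said "hello" and it\'s <b>bold</b>'


def build_plain_email(sender, recipient, subject, body):
    """Plain-text email: the client displays the body literally, so the
    visitor's text goes in unescaped. Escaping here would only make the
    recipient see entities such as &quot; instead of quotation marks."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)  # text/plain, left exactly as typed
    return msg


def build_html_email(sender, recipient, subject, body):
    """HTML email: the client renders the body as markup, so the visitor's
    text is escaped exactly as it would be on a web page. A plain-text
    alternative is kept so text-only clients still show the message."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)  # text/plain fallback, unescaped
    msg.add_alternative(f"<p>{html.escape(body)}</p>", subtype="html")
    return msg


def plain_body(msg):
    """Return the text/plain body of a message (single-part or multipart)."""
    if msg.is_multipart():
        for part in msg.iter_parts():
            if part.get_content_type() == "text/plain":
                return part.get_content()
        return None
    return msg.get_content()


def html_body(msg):
    """Return the text/html body of a multipart/alternative message, or None."""
    if not msg.is_multipart():
        return None
    for part in msg.iter_parts():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return None


if __name__ == "__main__":
    # Hypothetical addresses used only for the demonstration.
    plain = build_plain_email("site@example.com", "owner@example.com",
                              "Contact form", VISITOR_MESSAGE)
    rich = build_html_email("site@example.com", "owner@example.com",
                            "Contact form", VISITOR_MESSAGE)
    print(plain_body(plain))  # quotation marks appear as typed
    print(html_body(rich))    # quotation marks and tags are escaped
```

The plain-text message carries the raw quotation marks because nothing interprets them; the HTML alternative carries &quot; and &#x27; because a mail client that renders HTML would otherwise treat the visitor's &lt;b&gt; tag as markup.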