notifications-api
Security Feature Request: placeholders which explicitly prevent markdown injection
Hi there,

At present, placeholders are able to be transformed into markdown if they are populated as such. For example, if you send `[link](dodgy-link here)` into `((your-placeholder-here))`, it will render in your email.
This presents a compelling opportunity for an adversarial attacker to utilise Gov Notify's relative respectability as a phishing vector which both appears legitimate and gets through spam filters.
A potential suggestion would be to have specific fields that are populated from user input denoted within the template using some type of new syntax (e.g. `({safe-placeholder})`), which gives protection at the template level.

Gov Notify could then choose not to send that email, throw an error, or even alert the responsible template holder.
It would also allow your team to spot adversarial behaviour patterns via logging.
Hope this is helpful.
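As an added illustration (not code from the notifications-api project or from the issue author), a small renderer sketching the proposed safe-placeholder syntax: values for `({name})` are backslash-escaped, or rejected and surfaced for logging, so a value like `[link](dodgy-link here)` stays literal text, while `((name))` keeps the current behaviour. The `({...})` syntax, the regexes and all function names are assumptions.

```python
import re

# Placeholder syntaxes. The ({...}) form is the hypothetical "safe" syntax
# proposed in the issue, not something Notify implements.
UNSAFE_PLACEHOLDER = re.compile(r"\(\(([\w-]+)\)\)")  # ((name)): value may render as markdown
SAFE_PLACEHOLDER = re.compile(r"\(\{([\w-]+)\}\)")    # ({name}): value must stay plain text

# ASCII punctuation that markdown renderers treat specially; a backslash
# before any of these makes the character literal.
MARKDOWN_PUNCTUATION = set(r"\`*_[]()<>#!|~")

# Signs that a caller is pushing markup through a field meant for plain text:
# a markdown link, a raw URL, an HTML/autolink tag, emphasis or code spans.
MARKDOWN_SIGNS = re.compile(r"\[[^\]]*\]\([^)]*\)|https?://|<[^>]+>|\*|_|`")


class MarkdownInjectionError(ValueError):
    """Raised when a safe placeholder receives markdown-looking content."""


def escape_markdown(value: str) -> str:
    """Backslash-escape every markdown-significant character in value."""
    return "".join("\\" + ch if ch in MARKDOWN_PUNCTUATION else ch for ch in value)


def find_markdown_in_values(template: str, values: dict) -> list:
    """Return the names of safe placeholders whose values look like markdown.
    A non-empty result is what a service would log and alert on."""
    names = SAFE_PLACEHOLDER.findall(template)
    return [n for n in names if MARKDOWN_SIGNS.search(str(values.get(n, "")))]


def render(template: str, values: dict, reject: bool = False) -> str:
    """Fill a template. Safe placeholders are escaped (or, with reject=True,
    refused outright); unsafe ((...)) placeholders keep today's behaviour."""
    if reject:
        bad = find_markdown_in_values(template, values)
        if bad:
            raise MarkdownInjectionError(f"markdown in safe placeholder(s): {bad}")
    out = SAFE_PLACEHOLDER.sub(lambda m: escape_markdown(str(values[m.group(1)])), template)
    return UNSAFE_PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), out)


if __name__ == "__main__":
    # Constructed sample value of the kind the issue describes.
    vals = {"name": "[Reset your password](https://dodgy.example)"}
    print(render("Dear ({name}), your reference is ((ref)).", {**vals, "ref": "ABC-123"}))
```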