Finalize html encoding rework

tests/e2e/Services/Projects/ProjectsConsoleClientTest.php

@@ -6662,7 +6662,7 @@ class ProjectsConsoleClientTest extends Scope
 
         $this->assertStringContainsString($expectedUrl, $lastEmail['html']);
 
-        // With injection
+        // With injection (allowed, meant to be protected client-side)
         $url = 'http://localhost/auth/signin\"></a><h1>INJECTED</h1>';
 
         $response = $this->client->call(
@@ -6690,11 +6690,12 @@ class ProjectsConsoleClientTest extends Scope
         $this->assertEquals('Password Reset for ' . $this->getProject()['name'], $lastEmail['subject']);
 
         $this->assertStringContainsString('INJECTED', $lastEmail['html']);
-        $this->assertStringNotContainsString('<h1>', $lastEmail['html']);
-        $this->assertStringNotContainsString('</h1>', $lastEmail['html']);
+        $this->assertStringContainsString('<h1>', $lastEmail['html']);
+        $this->assertStringContainsString('</h1>', $lastEmail['html']);
+        $this->assertStringContainsString('">', $lastEmail['html']);
+        $this->assertStringContainsString('</a>', $lastEmail['html']);
 
-        $sanitizedUrl = \htmlentities($url);
-        $expectedUrl = $sanitizedUrl . "?userId=" . $userId . "&secret=";
+        $expectedUrl = $url . "?userId=" . $userId . "&secret=";
         $this->assertStringContainsString($expectedUrl, $lastEmail['html']);
 
     }

tests/e2e/Services/Teams/TeamsCustomClientTest.php

@@ -157,9 +157,11 @@ class TeamsCustomClientTest extends Scope
             'testTeamsInviteHTMLInjection' => $email
         ], JSON_PRETTY_PRINT));
 
-        $encoded = 'http://localhost:5000/join-us\"></a><h1>INJECTED</h1>?';
 
-        $this->assertStringNotContainsString('<h1>INJECTED</h1>', $email['html']);
+        // injection allowed, meant to be protected client-side
+        $encoded = 'http://localhost:5000/join-us\"></a><h1>INJECTED</h1>';
+
+        $this->assertStringContainsString('<h1>INJECTED</h1>', $email['html']);
         $this->assertStringContainsString($encoded, $email['html']);
 
         $response = $this->client->call(Client::METHOD_DELETE, '/teams/' . $teamUid . '/memberships/'.$response['body']['$id'], array_merge([