Emails from Grammarly missing sanitization (lack of validation?) -> HTML injection in emails
Low
Vulnerability Details
**Summary:**
Emails from Grammarly (e.g. the "reset password" email) are missing HTML sanitization. That leads to content spoofing in emails.
## Steps To Reproduce:
1. Go to "Profile"
2. Find the reset password tab (if you're logged in using FB/Google, you won't see this menu)
3. Change email to something like: `[email protected]` -> `user+<h1>[email protected]`
4. Find the letter from Grammarly in your inbox about the password reset attempt.
5. The `<h1>` tag is noticeable.
## Impact
Currently, the impact is miserable - content spoofing in "reset password" emails (sounds like a joke).
However, it's still bad behavior. I guess that HTML injection through unsanitized/unvalidated input **could affect other Grammarly email templates**.
Report Stats
- Report ID: 404864
- State: Closed
- Substate: duplicate
- Upvotes: 21
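
The missing output encoding described in this report, shown as an added example that is not part of the original report and is not Grammarly's code: a template that interpolates the account address raw, next to a version that HTML-escapes it and validates the address first. The template text, function names, the allow-list pattern and the sample address are all assumptions made for illustration.

```python
import html
import re
from email.message import EmailMessage

# Hypothetical template; the real email template is not shown in the report.
TEMPLATE = "<p>A password reset was requested for {address}.</p>"

# Constructed sample modelled on step 3 of the report (tag in the local part).
SAMPLE = "user+<h1>name@example.com"

# Assumed allow-list, deliberately stricter than RFC 5322: no <, >, quotes
# or whitespace can appear anywhere in an accepted address.
ADDRESS_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,63}"
)


def is_acceptable_address(address: str) -> bool:
    """Input validation: reject addresses outside the allow-list."""
    return ADDRESS_RE.fullmatch(address) is not None


def render_unsafe(address: str) -> str:
    """The reported behaviour: user input lands in the HTML body as markup."""
    return TEMPLATE.format(address=address)


def render_safe(address: str) -> str:
    """Output encoding: the address is rendered as text, never as markup."""
    return TEMPLATE.format(address=html.escape(address, quote=True))


def build_reset_email(address: str) -> EmailMessage:
    """Validate on input and escape on output; either alone leaves a gap."""
    if not is_acceptable_address(address):
        raise ValueError("address rejected by validation")
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = "Password reset"
    # Plain-text part needs no HTML escaping; the HTML part always gets it.
    msg.set_content(f"A password reset was requested for {address}.")
    msg.add_alternative(render_safe(address), subtype="html")
    return msg


if __name__ == "__main__":
    print(render_unsafe(SAMPLE))  # tag reaches the mail client as markup
    print(render_safe(SAMPLE))    # tag is shown as literal text
```

Escaping at render time is what protects the other templates the report mentions, since it does not depend on every input path applying the same validation.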