fix: HTML-encode parameter list in email log (#926)

Parameters can include untrusted user input and must be HTML-encoded when displayed in the admin UI to prevent rendering issues or security vulnerabilities such as HTML injection.

Author: youwe-emre-can

public/js/pimcore/settings/email/log.js

@@ -273,7 +273,7 @@ pimcore.settings.email.log = Class.create({
 
                                         var data = record.data.data;
                                         if (data.type == 'simple') {
-                                            return data.value;
+                                            return Ext.util.Format.htmlEncode(data.value);
                                         } else {
                                             //when the objectPath is set -> the object is still available otherwise it was
                                             // deleted in the meantime