Unsubscribe
You really want your template language to automatically escape all strings unless they're flagged as 'I know this contains HTML and I know what I'm doing'. This stops many trivial forms of cross-site-scripting attacks.
You probably also want certain columns of your database to be annotated in such a way that your CMS doesn't accidentally display them to users.