Is there any injection vulnerability in the body of an email?

Question

AFAIK there is only a vulnerability within the HEADERS of an email when using user data correct?

I am using the below function to sanitize my data, however I have so

Answer 1

If the email's an HTML mail, and particularly if the receiver's going to be viewing it in a web-based email (Hotmail, Gmail, Yahoo, etc...) or an email client that supports HTML views, then injection into the body is definitely a concern - XSS can happen anywhere.