XSS at Shopify Email App
Low
Vulnerability Details
Hello Team,
I have found an XSS in the Shopify Email app, but it's a bit weird: it's not executing directly, but when I am copying the code it is getting executed.
Step 1: Navigate to https://s1-aug.myshopify.com/admin/apps/shopify-email/editor/3694417
Step 2: Add the XSS payload anywhere, like the subject, preview text or the selection body section: `"/><img src=x onerror=alert(document.domain)>`
Step 3: Copy the written code.
The XSS will be fired.
## Impact
Code injection leads to XSS
Report Stats
- Report ID: 1339356
- State: Closed
- Substate: resolved
- Upvotes: 32