diff --git a/backend/src/templateFormatter.ts b/backend/src/templateFormatter.ts
index 942786de..1a3d2f3c 100644
--- a/backend/src/templateFormatter.ts
+++ b/backend/src/templateFormatter.ts
@@ -222,6 +222,11 @@ async function evaluateTemplateVariable(theVar: ITemplateVar, values) {
 const value = has(values, theVar.identifier) ? get(values, theVar.identifier) : undefined;
 if (typeof value === "function") {
+ // Don't allow running functions in nested objects
+ if (values[theVar.identifier] == null) {
+ return "";
+ }
+
 const args = [];
 for (const arg of theVar.args) {
 if (typeof arg === "object") {
diff --git a/backend/src/utils.ts b/backend/src/utils.ts
index 69b884bd..f3df648f 100644
--- a/backend/src/utils.ts
+++ b/backend/src/utils.ts
@@ -347,6 +347,7 @@ export function get(obj, path, def?): any {
 let cursor = obj;
 const pathParts = path.split(".");
 for (const part of pathParts) {
+ // hasOwnProperty check here is necessary to prevent prototype traversal in tags
 if (!cursor.hasOwnProperty(part)) return def;
 cursor = cursor[part];
 if (cursor === undefined) return def;
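Review bot: The new guard `values[theVar.identifier] == null` uses plain bracket access, so it reads through the prototype chain; for a non-dotted identifier that `has`/`get` already resolved to an own callable this is harmless, but its actual job — rejecting dotted paths into nested objects — only works because a key like `a.b` is not normally an own property of `values`, which the comment does not say. Make the intent explicit and own-property-only: `if (!Object.prototype.hasOwnProperty.call(values, theVar.identifier)) return "";`, with the comment `// Only top-level own keys may resolve to a callable; dotted paths into nested objects yield ""`. Whether `has()` is itself own-property aware is not visible in this diff; if it is not, the hasOwnProperty form also closes inherited top-level names such as `constructor` or `toString`. evaluateTemplateVariable's body continues past the end of the hunk.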
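Review bot: `cursor.hasOwnProperty(part)` dispatches through the object being walked, so a value carrying its own `hasOwnProperty` key (user-supplied data or a crafted JSON payload) runs attacker-chosen code instead of the check, and an object created with `Object.create(null)` throws a TypeError rather than returning `def`; use `if (!Object.prototype.hasOwnProperty.call(cursor, part)) return def;`. The loop also bails out only on `undefined`: a `null` reached mid-path (`cursor = cursor[part]` yielding null) survives to the next iteration where `null.hasOwnProperty` throws, so the trailing check should read `if (cursor == null) return def;`. The added comment could state the contract rather than the mechanism, e.g. `// Own-property check only: a template path must never walk the prototype chain (constructor, __proto__, ...)`. get's body continues past the end of the hunk.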