author | Mark Sapiro <msapiro@value.net> | 2010-09-09 08:16:57 -0700 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2010-09-09 08:16:57 -0700 |
commit | f653b2a70e36bccd6128c4f4b973e09ea898e2cf (patch) | |
tree | e8617f48eee66fbb3fe85709ea1e348375f9d9e2 /Mailman/HTMLFormatter.py | |
parent | aa911e138aa82a21197e0bda656ac51eab45447d (diff) | |
Two potential XSS vulnerabilities have been identified and fixed.
Diffstat (limited to '')
-rw-r--r-- | Mailman/HTMLFormatter.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
index 3a21d961..dad51e74 100644
--- a/Mailman/HTMLFormatter.py
+++ b/Mailman/HTMLFormatter.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -383,8 +383,9 @@ class HTMLFormatter:
 '<mm-mailman-footer>' : self.GetMailmanFooter(),
 '<mm-list-name>' : self.real_name,
 '<mm-email-user>' : self._internal_name,
- '<mm-list-description>' : self.description,
- '<mm-list-info>' : BR.join(self.info.split(NL)),
+ '<mm-list-description>' : Utils.websafe(self.description),
+ '<mm-list-info>' :
+ '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
 '<mm-form-end>' : self.FormatFormEnd(),
 '<mm-archive>' : self.FormatArchiveAnchor(),
 '</mm-archive>' : '</a>', |
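Review bot: The new `'<mm-list-info>'` value still interpolates `self.info` without escaping; the `'<!---->'` wrappers on either side only delimit the text and do not neutralise markup inside it, unlike the `Utils.websafe()` call added for `self.description` one line above. If list info is meant to carry HTML, output safety depends on filtering done where the value is set, which this hunk does not show, and a comment here should say so, e.g. `# info may contain HTML by design, so it is not websafe()d here; it must be filtered where it is set, and the empty comments only fence it off from the template`. If HTML is not meant to be allowed, `BR.join(Utils.websafe(self.info).split(NL))` would be the consistent fix. The enclosing dictionary and method begin and end outside the hunk.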