From ccec7cecdeffedb9a80b24488460932ec7907d09 Mon Sep 17 00:00:00 2001
From: Mark Sapiro
Date: Wed, 4 Jul 2018 11:41:14 -0700
Subject: Escaping of HTML entities for the web UI is now done more selectively.
---
 Mailman/htmlformat.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'Mailman/htmlformat.py')
diff --git a/Mailman/htmlformat.py b/Mailman/htmlformat.py
index 31795a8a..30be8127 100644
--- a/Mailman/htmlformat.py
+++ b/Mailman/htmlformat.py
@@ -495,7 +495,9 @@ class TextArea:
 def __init__(self, name, text='', rows=None, cols=None, wrap='soft',
 readonly=0):
 if isinstance(text, str):
- safetext = Utils.websafe(text)
+ # Double escape HTML entities in non-readonly areas.
+ doubleescape = not readonly
+ safetext = Utils.websafe(text, doubleescape)
 else:
 safetext = text
 self.name = name
-- 
cgit v1.2.3
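Review bot: The new comment above `doubleescape = not readonly` says what is done but not why the two cases differ, and the safety of the readonly case now rests on what `Utils.websafe` does when `doubleescape` is false, which this page does not show (the commit is displayed limited to this one file). I would state the reason in the comment, for example `# Editable text is decoded by the browser and posted back, so entities are escaped twice to survive the round trip; readonly text is display-only.`, with the wording checked against the `Utils.websafe` change. The unchanged `else: safetext = text` branch also deserves a comment or a check: any value that is not a `str` skips `websafe` in both modes, so the selective policy covers only `str` input, and it is worth confirming that no caller passes user-influenced text of another type (presumably `unicode`, if this file targets Python 2). `__init__` continues past the end of the hunk, so how `safetext` is emitted is not visible here.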