authortkikuchi <>2005-11-30 02:24:39 +0000
committertkikuchi <>2005-11-30 02:24:39 +0000
commitd588214c9fb07cb20ee522d4fb103d12e35b7309 (patch)
tree35212e18a3b379bff1c44a03d54e86501acf94d5 /Mailman/Cgi/edithtml.py
parent0ed64f809db4b66380b095801dc5a406cce71e8f (diff)
List admins should not be allowed to insert script tags.
Diffstat (limited to 'Mailman/Cgi/edithtml.py')
-rw-r--r--Mailman/Cgi/edithtml.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
index 9a07cdc0..1d36d5f6 100644
--- a/Mailman/Cgi/edithtml.py
+++ b/Mailman/Cgi/edithtml.py
@@ -156,6 +156,7 @@ def ChangeHTML(mlist, cgi_info, template_name, doc):
doc.AddItem('<hr>')
return
code = cgi_info['html_code'].value
+ code = re.sub(r'<([/]?script.*?)>', r'&lt;\1&gt;', code)
langdir = os.path.join(mlist.fullpath(), mlist.preferred_language)
# Make sure the directory exists
omask = os.umask(0)
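Review bot: The added `re.sub` on `html_code` matches case-sensitively and its `.` stops at a newline, so a script tag written in upper or mixed case, or one split across lines, would not be rewritten; the pattern could carry inline flags, `code = re.sub(r'(?is)<(/?script.*?)>', r'&lt;\1&gt;', code)`. Even with that, this is a denylist of a single element, and markup that runs script through other elements or attributes is not covered, so if list admins are meant to be untrusted here an allowlist of tags and attributes would be the sturdier check. A comment above the line such as `# Neutralise <script> tags in admin-supplied templates; not a full HTML sanitizer` would record the intent and its limit. The hunk does not show whether `re` is imported in this module, and `ChangeHTML` starts and ends outside the hunk.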