From 520f67068bc312f2dfc7a6204294a1c938f89fe9 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Mon, 21 May 2018 11:37:57 -0700
Subject: A few more error messages have had their values HTML escaped.

---
 Mailman/Gui/GUIBase.py | 3 ++-
 NEWS                   | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Mailman/Gui/GUIBase.py b/Mailman/Gui/GUIBase.py
index 32d19929..95d7d177 100644
--- a/Mailman/Gui/GUIBase.py
+++ b/Mailman/Gui/GUIBase.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2002-2015 by the Free Software Foundation, Inc.
+# Copyright (C) 2002-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -173,6 +173,7 @@ class GUIBase:
                 doc.addError(_('Invalid value for variable: %(property)s'))
             # This is the parent of MMBadEmailError and MMHostileAddress
             except Errors.EmailAddressError, error:
+                error = Utils.websafe(str(error))
                 doc.addError(
                     _('Bad email address for option %(property)s: %(error)s'))
             else:
diff --git a/NEWS b/NEWS
index 3f0238f4..e5623b0b 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ Here is a history of user visible changes to Mailman.
     - Existing protections against malicious listowners injecting evil
       scripts into listinfo pages have had a few more checks added.
 
+    - A few more error messages have had their values HTML escaped.
+
   i18n
 
     - The Russian translation has been updated by Danil Smirnov.
-- 
cgit v1.2.3