From f653b2a70e36bccd6128c4f4b973e09ea898e2cf Mon Sep 17 00:00:00 2001
From: Mark Sapiro <msapiro@value.net>
Date: Thu, 9 Sep 2010 08:16:57 -0700
Subject: Two potential XSS vulnerabilities have been identified and fixed.

---
 Mailman/Cgi/listinfo.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Mailman/Cgi/listinfo.py')

diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index 22ab9d5f..8aaae14c 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -97,7 +97,7 @@ def listinfo_overview(msg=''):
             else:
                 advertised.append((mlist.GetScriptURL('listinfo'),
                                    mlist.real_name,
-                                   mlist.description))
+                                   Utils.websafe(mlist.description)))
     if msg:
         greeting = FontAttr(msg, color="ff5060", size="+1")
     else:
-- 
cgit v1.2.3