From d588214c9fb07cb20ee522d4fb103d12e35b7309 Mon Sep 17 00:00:00 2001
From: tkikuchi <>
Date: Wed, 30 Nov 2005 02:24:39 +0000
Subject: List admins should be disallowd to insert script tags.

---
 Mailman/Cgi/edithtml.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Mailman')

diff --git a/Mailman/Cgi/edithtml.py b/Mailman/Cgi/edithtml.py
index 9a07cdc0..1d36d5f6 100644
--- a/Mailman/Cgi/edithtml.py
+++ b/Mailman/Cgi/edithtml.py
@@ -156,6 +156,7 @@ def ChangeHTML(mlist, cgi_info, template_name, doc):
         doc.AddItem('<hr>')
         return
     code = cgi_info['html_code'].value
+    code = re.sub(r'<([/]?script.*?)>', r'&lt;\1&gt;', code)
     langdir = os.path.join(mlist.fullpath(), mlist.preferred_language)
     # Make sure the directory exists
     omask = os.umask(0)
-- 
cgit v1.2.3