altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 2 Packages Projects Releases Wiki Activity

Added html unescape for email addresses from form data that might use html entities for angle brackets.

Browse source 
- Legacy-Id: 17341
This commit is contained in:
Henrik Levkowetz 2020-02-26 17:11:54 +00:00
parent 2b1014d66c
commit 5951a6473f
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ietf/secr/announcement/forms.py
View file

@ -1,4 +1,4 @@
# Copyright The IETF Trust 2013-2019, All Rights Reserved
# Copyright The IETF Trust 2013-2020, All Rights Reserved
# -*- coding: utf-8 -*-
@ -7,6 +7,7 @@ from __future__ import absolute_import, print_function, unicode_literals
from django import forms
from ietf.group.models import Group, Role
from ietf.utils.html import unescape
from ietf.ietfauth.utils import has_role
from ietf.message.models import Message, AnnouncementFrom
from ietf.utils.fields import MultiEmailField
@ -112,6 +113,8 @@ class AnnounceForm(forms.ModelForm):
return self.cleaned_data
if data['to'] == 'Other...' and not data['to_custom']:
raise forms.ValidationError('You must enter a "To" email address')
for k in ['to', 'frm', 'cc',]:
data[k] = unescape(data[k])
return data