From 5951a6473feb154046b5f5bc53c4ffb17aab149f Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Wed, 26 Feb 2020 17:11:54 +0000
Subject: [PATCH] Added html unescape for email addresses from form data that
 might use html entities for angle brackets.  - Legacy-Id: 17341

---
 ietf/secr/announcement/forms.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ietf/secr/announcement/forms.py b/ietf/secr/announcement/forms.py
index ea8be460c..b4a86be07 100644
--- a/ietf/secr/announcement/forms.py
+++ b/ietf/secr/announcement/forms.py
@@ -1,4 +1,4 @@
-# Copyright The IETF Trust 2013-2019, All Rights Reserved
+# Copyright The IETF Trust 2013-2020, All Rights Reserved
 # -*- coding: utf-8 -*-
 
 
@@ -7,6 +7,7 @@ from __future__ import absolute_import, print_function, unicode_literals
 from django import forms
 
 from ietf.group.models import Group, Role
+from ietf.utils.html import unescape
 from ietf.ietfauth.utils import has_role
 from ietf.message.models import Message, AnnouncementFrom
 from ietf.utils.fields import MultiEmailField
@@ -112,6 +113,8 @@ class AnnounceForm(forms.ModelForm):
             return self.cleaned_data
         if data['to'] == 'Other...' and not data['to_custom']:
             raise forms.ValidationError('You must enter a "To" email address')
+        for k in ['to', 'frm', 'cc',]:
+            data[k] = unescape(data[k])
 
         return data