From eb88abc394fb263a8d53c3ddd099acf2b1605fa6 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Fri, 21 Feb 2020 15:32:41 +0000
Subject: [PATCH] Removed an instance of 'autoescape off' for submitted meeting
 session comments in a template, since it is not needed in practice, in order
 to avoid an XSS injection opportunity.  - Legacy-Id: 17322

---
 ietf/secr/templates/includes/sessions_request_view.html | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ietf/secr/templates/includes/sessions_request_view.html b/ietf/secr/templates/includes/sessions_request_view.html
index 687a637af..ca69f8a10 100644
--- a/ietf/secr/templates/includes/sessions_request_view.html
+++ b/ietf/secr/templates/includes/sessions_request_view.html
@@ -33,7 +33,5 @@
         <tr class="row1">
           <td>People who must be present:</td>
           <td>{% if session.bethere %}<ul>{% for person in session.bethere %}<li>{{ person }}</li>{% endfor %}</ul>{% else %}<i>None</i>{% endif %}</td>
-        {% autoescape off %}
         <tr class="row2"><td>Special Requests:</td><td>{{ session.comments }}</td></tr>
-        {% endautoescape %}
       </table>