diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index abbf570..27bd0db 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
 else:
 advertised.append((mlist.GetScriptURL('listinfo'),
 mlist.real_name,
- mlist.description))
+ Utils.websafe(mlist.description)))
 if msg:
 greeting = FontAttr(msg, color="ff5060", size="+1")
 else:
diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
index 3a21d96..dad51e7 100644
--- a/Mailman/HTMLFormatter.py
+++ b/Mailman/HTMLFormatter.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -383,8 +383,9 @@ class HTMLFormatter:
 '<mm-mailman-footer>' : self.GetMailmanFooter(),
 '<mm-list-name>' : self.real_name,
 '<mm-email-user>' : self._internal_name,
- '<mm-list-description>' : self.description,
- '<mm-list-info>' : BR.join(self.info.split(NL)),
+ '<mm-list-description>' : Utils.websafe(self.description),
+ '<mm-list-info>' :
+ '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
 '<mm-form-end>' : self.FormatFormEnd(),
 '<mm-archive>' : self.FormatArchiveAnchor(),
 '</mm-archive>' : '</a>',
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 847d1a8..ca2a275 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
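Review bot: `mlist.real_name` sits in the same tuple as the newly escaped description in the listinfo.py hunk and is still passed on unescaped. If `real_name` can hold anything a list owner types, it needs the same treatment, `Utils.websafe(mlist.real_name),`; the same question applies to `'<mm-list-name>' : self.real_name,` in the HTMLFormatter.py hunk. If the value is constrained elsewhere (not visible in this diff), a one-line comment saying so at both sites would settle it for the next reader. The loop that builds `advertised` starts and ends outside the hunk.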
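Review bot: `self.info` is still substituted as raw HTML in the `'<mm-list-info>'` entry of the HTMLFormatter.py hunk; the change only places empty `<!---->` comments on either side, so nothing at this line neutralises markup inside the value. Its safety therefore rests on whatever screens `info` when it is saved, presumably the `_badwords` patterns this commit extends in Utils.py, and neither that dependency nor the purpose of the wrappers is stated here. If leaving it unescaped is the intent, a comment above the entry would record it, for example `# info is not websafe()d: it is screened on input and fenced here with empty comments`. The dict literal starts and ends outside the hunk.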
@@ -908,6 +908,7 @@ _badwords = [
 # Kludge to allow the specific tag that's in the options.html template.
 '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
 '<meta',
+ '<object',
 '<script',
 r'(?:^|\W)j(?:ava)?script(?:\W|$)',
 r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
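Review bot: Adding `'<object'` extends a denylist of tag prefixes, and a denylist only blocks the constructs someone has already thought of. Whether these patterns are matched case-insensitively, and which other embedding tags are listed, is decided outside this hunk (the `_badwords` list and its compile step both continue past it), so both should be confirmed before relying on this entry. A regression test that feeds each listed prefix in mixed case through the check would keep the list honest. Longer term, an allowlist of permitted tags and attributes is the sturdier control for admin-supplied HTML.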