Skip to content

Commit 5951a64

Browse files
committed
Added html unescape for email addresses from form data that might use html entities for angle brackets.
- Legacy-Id: 17341
1 parent 2b1014d commit 5951a64

1 file changed

Lines changed: 4 additions & 1 deletion

File tree

ietf/secr/announcement/forms.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Copyright The IETF Trust 2013-2019, All Rights Reserved
1+
# Copyright The IETF Trust 2013-2020, All Rights Reserved
22
# -*- coding: utf-8 -*-
33

44

@@ -7,6 +7,7 @@
77
from django import forms
88

99
from ietf.group.models import Group, Role
10+
from ietf.utils.html import unescape
1011
from ietf.ietfauth.utils import has_role
1112
from ietf.message.models import Message, AnnouncementFrom
1213
from ietf.utils.fields import MultiEmailField
@@ -112,6 +113,8 @@ def clean(self):
112113
return self.cleaned_data
113114
if data['to'] == 'Other...' and not data['to_custom']:
114115
raise forms.ValidationError('You must enter a "To" email address')
116+
for k in ['to', 'frm', 'cc',]:
117+
data[k] = unescape(data[k])
115118

116119
return data
117120

0 commit comments

Comments
 (0)