author | justdave%syndicomm.com <> | 2001-05-12 01:02:38 +0000 |
---|---|---|
committer | justdave%syndicomm.com <> | 2001-05-12 01:02:38 +0000 |
commit | c04fc5ccd7740cef2e5455f7aec103a0b91ca62e (patch) | |
tree | 6488e6e285a4909fcdcaa89da29917b3369bc2b6 /CGI.pl | |
parent | 0776fda7ed23e82f3d09ccabb603e1d4f26f9d42 (diff) | |
Fix for bug 38859: escape invalid email addresses for HTML before displaying to the user.
Patch by Myk Melez <myk@mozilla.org>
r= jake@acutex.net, justdave@syndicomm.com
Diffstat (limited to 'CGI.pl')
-rw-r--r-- | CGI.pl | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -593,6 +593,9 @@ sub CheckEmailSyntax {
 if ($addr !~ /$match/) {
 print "Content-type: text/html\n\n";
+ # For security, escape HTML special characters.
+ $addr = html_quote($addr);
+ PutHeader("Check e-mail syntax");
 print "The e-mail address you entered\n";
 print "(<b>$addr</b>) didn't match our minimal\n"; |
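Review bot: `$addr = html_quote($addr);` overwrites the submitted address with its HTML-escaped form, so any later use of `$addr` in this branch outside an HTML context (a log line, a mail header, a URL parameter) would receive entity-encoded text. The rest of CheckEmailSyntax lies outside the hunk, so this cannot be confirmed from here. Keeping the raw value and escaping into a separate variable at the point of output is safer: `my $addr_html = html_quote($addr);` and then `print "(<b>$addr_html</b>) didn't match our minimal\n";`. The comment could also state the reason, e.g. `# $addr is user-supplied and failed validation; escape it before echoing it into the error page.`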