From c04fc5ccd7740cef2e5455f7aec103a0b91ca62e Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Sat, 12 May 2001 01:02:38 +0000
Subject: Fix for bug 38859: escape invalid email addresses for HTML before displaying to the user. Patch by Myk Melez r= jake@acutex.net, justdave@syndicomm.com
---
 CGI.pl | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'CGI.pl')
diff --git a/CGI.pl b/CGI.pl
index 587ecc074..e82ce8911 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -593,6 +593,9 @@ sub CheckEmailSyntax {
 if ($addr !~ /$match/) {
 print "Content-type: text/html\n\n";
+ # For security, escape HTML special characters.
+ $addr = html_quote($addr);
+
 PutHeader("Check e-mail syntax");
 print "The e-mail address you entered\n";
 print "($addr) didn't match our minimal\n";
-- 
cgit v1.2.3-24-g4f1b
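Review bot: The escape is applied by overwriting `$addr` in place, so any later use of `$addr` in CheckEmailSyntax (its body starts and ends outside this hunk) would see the HTML-encoded form rather than the address the user typed. Keeping the encoding tied to the output sink avoids that: `my $addr_html = html_quote($addr);` followed by `print "($addr_html) didn't match our minimal\n";`. html_quote is defined elsewhere and not visible here, so it is worth confirming that it encodes `&`, `<`, `>` and `"`. The `Content-type: text/html` line above also declares no charset, and stating one explicitly would keep the browser from guessing an encoding for the escaped text.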