From e5f4701b8a61c7f3eada35942a4850eb781fee7a Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Fri, 6 Jan 2012 00:58:18 +0100
Subject: Bug 714664: The content of the "emailregexpdesc" parameter is not
 escaped when displayed to the user r=dkl a=LpSolit

---
 template/en/default/global/user-error.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'template/en/default/global/user-error.html.tmpl')

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 52dd32297..723f92042 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -849,7 +849,7 @@
       A legal address must contain exactly one '@',
       and at least one '.' after the @.
     [% ELSE %]
-      [%+ Param('emailregexpdesc') %]
+      [%+ Param('emailregexpdesc') FILTER html_light %]
     [% END %]
     It must also not contain any of these special characters:
     <tt>\ ( ) &amp; &lt; &gt; , ; : &quot; [ ]</tt>, or any whitespace.
-- 
cgit v1.2.3-24-g4f1b