summaryrefslogtreecommitdiff
path: root/Mailman/Cgi/admin.py
diff options
context:
space:
mode:
Diffstat (limited to 'Mailman/Cgi/admin.py')
-rw-r--r--Mailman/Cgi/admin.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py
index fcff2d755..3d7a80be4 100644
--- a/Mailman/Cgi/admin.py
+++ b/Mailman/Cgi/admin.py
@@ -61,7 +61,9 @@ def main():
try:
mlist = MailList.MailList(listname, lock=0)
except Errors.MMListError, e:
- admin_overview(_('No such list <em>%(listname)s</em>'))
+ # Avoid cross-site scripting attacks
+ safelistname = cgi.escape(listname)
+ admin_overview(_('No such list <em>%(safelistname)s</em>'))
syslog('error', 'admin.py access for non-existent list: %s',
listname)
return
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-09 11:19:58 +0000