Commit 932532b5 authored 4 years ago by Nicolas Lempereur

[FIX] mail.py: escape plaintext email


A plaintext email is displayed in a `<pre/>` tag to conserve spacing.

But since there is no escaping, if in this text there was XML tags or
HTML entities, they would appear as HTML in browser which is not wanted.

Do note that this was not a security issue since the content will still
be subjected to the checks and foundling of HTML emails.

Without the change, the added test would fail because character &,<,>
were not escaped.

opw-2242323
closes #50003

Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>

parent ab70afb3

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 3 additions and 1 deletion

Please register or to comment