$OpenBSD: patch-UI_MailerUI_UIxMailListActions_m,v 1.1 2013/07/20 17:39:18 sebastia Exp $

fix XSS reported in bugs:
http://www.sogo.nu/bugs/view.php?id=2368
http://www.sogo.nu/bugs/view.php?id=2369

--- UI/MailerUI/UIxMailListActions.m.orig	Thu Jun 27 17:50:25 2013
+++ UI/MailerUI/UIxMailListActions.m	Fri Jul 19 11:17:47 2013
@@ -753,7 +753,7 @@
       // To
       to = [[message objectForKey: @"envelope"] to];
       if ([to count] > 0)
-	[msg addObject: [addressFormatter stringForArray: to]];
+	[msg addObject: [[addressFormatter stringForArray: to] stringByEscapingHTMLString]];
       else
 	[msg addObject: @""];
 
@@ -778,7 +778,7 @@
       // From
       from = [[message objectForKey: @"envelope"] from];
       if ([from count] > 0)
-	[msg addObject: [addressFormatter stringForArray: from]];
+	[msg addObject: [[addressFormatter stringForArray: from] stringByEscapingHTMLString]];
       else
 	[msg addObject: @""];
       
