From 124ca5d8cf0f72bfbfbe57969c9fedeca1749b12 Mon Sep 17 00:00:00 2001
From: Ludovic Marcotte <lmarcotte@inverse.ca>
Date: Wed, 5 Aug 2015 11:08:36 -0400
Subject: [PATCH] (fix) escape the HTML content from the raw source before
 returning it

---
 UI/MailerUI/UIxMailSourceView.m | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/UI/MailerUI/UIxMailSourceView.m b/UI/MailerUI/UIxMailSourceView.m
index 0a8ba86c0..1d36398ca 100644
--- a/UI/MailerUI/UIxMailSourceView.m
+++ b/UI/MailerUI/UIxMailSourceView.m
@@ -20,6 +20,8 @@
 
 #import <NGObjWeb/WOContext.h>
 #import <NGObjWeb/WOResponse.h>
+#import <NGExtensions/NSString+misc.h>
+
 #import <Foundation/NSString.h>
 #import <SoObjects/Mailer/SOGoMailObject.h>
 
@@ -39,7 +41,7 @@
   response = [self responseWithStatus: 200];
   [response setHeader: @"text/plain; charset=utf-8"
 	    forKey: @"content-type"];
-  [response appendContentString: source];
+  [response appendContentString: [source stringByEscapingHTMLString]];
 
   return response;
 }