CRM-17952. Escape HTML in body_text field on "Headers, Footers, and Automated Messages"

diff --git a/templates/CRM/Mailing/Page/Component.tpl b/templates/CRM/Mailing/Page/Component.tpl
index 0a1bb06eac1f72dc99a7b8987b5540597567f75b..d615d492198707795bd87d81de57943952f3a9f0 100644 (file)
--- a/templates/CRM/Mailing/Page/Component.tpl
+++ b/templates/CRM/Mailing/Page/Component.tpl
@@ -49,7 +49,7 @@
            <td class="crm-editable" data-field="name">{$row.name}</td>
            <td>{$row.component_type}</td>
            <td>{$row.subject}</td>
-           <td>{$row.body_text}</td>
+           <td>{$row.body_text|escape}</td>
            <td>{$row.body_html|escape}</td>
            <td>{if $row.is_default eq 1}<img src="{$config->resourceBase}i/check.gif" alt="{ts}Default{/ts}" />{/if}&nbsp;</td>
      <td id="row_{$row.id}_status">{if $row.is_active eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>