From 8a06492a142e7c508f562f426bf8b75d4ee92ff0 Mon Sep 17 00:00:00 2001
From: Mattias Michaux <mattias.michaux@gmail.com>
Date: Thu, 17 Mar 2016 20:14:12 +1300
Subject: [PATCH] CRM-17952. Escape HTML in body_text field on "Headers,
 Footers, and Automated Messages"

---
 templates/CRM/Mailing/Page/Component.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/CRM/Mailing/Page/Component.tpl b/templates/CRM/Mailing/Page/Component.tpl
index 0a1bb06eac..d615d49219 100644
--- a/templates/CRM/Mailing/Page/Component.tpl
+++ b/templates/CRM/Mailing/Page/Component.tpl
@@ -49,7 +49,7 @@
            <td class="crm-editable" data-field="name">{$row.name}</td>
            <td>{$row.component_type}</td>
            <td>{$row.subject}</td>
-           <td>{$row.body_text}</td>
+           <td>{$row.body_text|escape}</td>
            <td>{$row.body_html|escape}</td>
            <td>{if $row.is_default eq 1}<img src="{$config->resourceBase}i/check.gif" alt="{ts}Default{/ts}" />{/if}&nbsp;</td>
      <td id="row_{$row.id}_status">{if $row.is_active eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>
-- 
2.25.1