From 5892d9a2b785315e967e267a212c1640432c8003 Mon Sep 17 00:00:00 2001
From: Thomas Oettli <spacefreak@noop.ch>
Date: Tue, 22 Oct 2019 21:57:53 +0200
Subject: [PATCH] Escape html characters in plain message text

---
 pyquarantine/notifications.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyquarantine/notifications.py b/pyquarantine/notifications.py
index b736803..54a1a97 100644
--- a/pyquarantine/notifications.py
+++ b/pyquarantine/notifications.py
@@ -221,8 +221,8 @@ class EMailNotification(BaseNotification):
             self.logger.debug(
                 "{}: content mimetype is {}, converting to {}".format(
                     queueid, mimetype, self._html_text))
-            text = re.sub(r"^(.*)$", r"\1<br/>\n",
-                          text.decode(), flags=re.MULTILINE)
+            text = re.sub(r"^(.*)$", r"\1<br/>",
+                          escape(text.decode()), flags=re.MULTILINE)
         else:
             self.logger.debug(
                 "{}: content mimetype is {}".format(