------------------------------------------------------------
revno: 1163
committer: Mark Sapiro <msap...@value.net>
branch nick: 2.2
timestamp: Mon 2011-04-25 16:25:00 -0700
message:
  Strengthened escaping of user web data by including some characters that
  some older browsers misinterpret as < or >.
modified:
  Mailman/Utils.py
  NEWS


--
lp:mailman/2.2
https://code.launchpad.net/~mailman-coders/mailman/2.2

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py	2011-03-21 20:43:40 +0000
+++ Mailman/Utils.py	2011-04-25 23:25:00 +0000
@@ -426,7 +426,15 @@
 
 
 _ampre = re.compile('&amp;((?:#[0-9]+|[a-z]+);)', re.IGNORECASE)
+# Characters misinterpreted as < or > by some broken browsers.
+_broken_browser = {'\x8b': '&#8249;',
+                   '\x9b': '&#8250;',
+                   '\xbc': '&#188;',
+                   '\xbd': '&#190;',
+                  }
 def websafe(s):
+    for k in _broken_browser:
+        s = s.replace(k, _broken_browser[k])
     # Don't double escape html entities
     return _ampre.sub(r'&\1', cgi.escape(s, quote=True))
 

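Review bot: the entity for '\xbd' is wrong: byte 0xBD is decimal 189, so the entry `'\xbd': '&#190;'` replaces the ½ character with the entity for ¾ (0xBE), while the neighbouring `'\xbc': '&#188;'` is consistent; change it to `'\xbd': '&#189;'`. Also, in Python 2 the keys of _broken_browser are non-ASCII byte strings, so if websafe is ever handed a unicode object, `s.replace(k, ...)` will raise UnicodeDecodeError while implicitly decoding k; an isinstance check or a unicode-keyed mapping would keep that path safe.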
=== modified file 'NEWS'
--- NEWS	2011-04-25 22:42:31 +0000
+++ NEWS	2011-04-25 23:25:00 +0000
@@ -113,6 +113,9 @@
 
   Bug Fixes and other patches
 
+    - Strengthened escaping of user web data by including some characters that
+      some older browsers misinterpret as < or >.
+
     - Mailman now sets the 'secure' flag in cookies set via https URLs.
       Bug #770377.
 

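Review bot: the NEWS entry does not say which characters are now escaped or why, unlike the following entry which cites Bug #770377; naming the affected bytes (0x8B, 0x9B, 0xBC, 0xBD from the Utils.py hunk) or a bug reference would help list admins understand why ¼ and ½ in member-supplied data now render through numeric entities.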