On Mon, 2005-10-24 at 09:52 -0700, Mark Sapiro wrote:
[...]
> As Brad points out in another reply, some of this problem is because
> all text entered in the web interface (except for General
> Options->info which is a special case) is HTML escaped to prevent XSS
> attacks. Mailman arguably goes overboard on this, but the 4 characters
Which is a good thing.
> '&' '<' '>' and '"' are changed respectively to &, <, > and
> " by Python's cgi.escape() method.
Makes sense.
Hmm, mailman could replace that four chars with the ASCII chars just for
plain/text parts od sent out emails. That should not open any security
hole and yield real plain/text.
> Thus, you can't even enter ö and have it work in HTML or plain
> text.
Yes, of course, these are two distinct issues. Sorry for confusion.
> You can convert Mailman to use utf-8 for German language, but this will
> not solve the html escaping issue. If you are interested in converting
> to utf-8, there is relevant information in the archives of this list.
I actually reported a bug (though it may not sound so): I enter
(apparently) UTF-8 text (with Firefox it that is important) and it comes
back disguised (and as part of) ISO-8859-1 text.
The question is: Which part is doing something wrong and how to fix it?
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
------------------------------------------------------
Mailman-Users mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
