Mark Sapiro sent the message below at 12:41 PM 3/11/2007:

>It's as I suspected. The various input tags on the Membership list look like
>
><INPUT name="[EMAIL PROTECTED]" type="CHECKBOX" value="off" >
>
>where [EMAIL PROTECTED] is the email address. Clearly, if the address
>contains double quotes, the field name gets truncated or garbled, so
>it isn't possible to change anything for this member from the
>Membership list page.
---------------- End original message. ---------------------

Which is valid and proper HTML usage; all parameters in any HTML tag 
should be enclosed in quotes. It is mandatory in XHTML.

So how do you deal with this?

Quite simply by escaping any non-alphanumeric character with either 
its symbolic or numeric code. It is always good practice in dealing 
with any sort of CGI or user-generated data to ensure that just such 
situations or worse will not occur.

If there is a Python module out there for escaping HTML strings, it 
seems like it would be a fairly simple task to apply the escape 
function while generating the output to the page.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
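
The truncation described in the quoted message and the escaping fix suggested in the reply, as an added example that is not part of the original message and is not Mailman's code. It assumes Python 3's standard-library `html.escape`; the function names and the sample address are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: a syntactically valid address with a quoted local part.
ADDRESS = '"john doe"@example.com'


def render_unescaped(address):
    """The failing pattern from the thread: address placed in name="..." as-is."""
    return '<INPUT name="%s" type="CHECKBOX" value="off" >' % address


def render_escaped(address):
    """Same tag, with the address escaped for a double-quoted attribute."""
    return '<INPUT name="%s" type="CHECKBOX" value="off" >' % escape(address, quote=True)


class _InputNames(HTMLParser):
    """Collects the name attribute of every input tag, as an HTML parser sees it."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.names.append(dict(attrs).get("name"))


def parsed_name(markup):
    """Return the field name a parser recovers from the rendered tag."""
    parser = _InputNames()
    parser.feed(markup)
    parser.close()
    return parser.names[0]


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        markup = render(ADDRESS)
        print(markup)
        print("  field name seen by parser:", repr(parsed_name(markup)))
```

Only the escaped form round-trips the full address as the field name, which is what the form handler needs in order to find the member again on submit.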

------------------------------------------------------
Mailman-Users mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
