[ mailman-Bugs-870028 ] html in listinfo is quoted
Bugs item #870028, was opened at 2004-01-03 21:09 Message generated for change (Comment added) made by hertell You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=870028&group_id=103 Category: Web/CGI Group: 2.1 (stable) Status: Open Resolution: None Priority: 7 Submitted By: Barry A. Warsaw (bwarsaw) Assigned to: Barry A. Warsaw (bwarsaw) Summary: html in listinfo is quoted Initial Comment: If you enter html into the 'info' text area, the listinfo page sees that html as quoted, not as valid html. This is a result of the XSS hole closure in 2.1.4, but some innocent tags should be allowed back in. ---------------------------------------------------------------------- Comment By: Rene (hertell) Date: 2004-01-14 02:23 Message: Logged In: YES user_id=278485 The same goes if you use Umlauts (åäö, or ¨ å ö) in the welcome-tect text-area. First it converts the Umlaut-character to an decimal reference (ä), and after that it converts the & character into an Character entity. In other words; when the user gets the welcome-email that contains ä characters (ä), it is converted twice: This is the code-soup for this character that finally arives: ä instead of the single ä character ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=870028&group_id=103
participants (1)
-
SourceForge.net