24 Jul 2000, 3:29 p.m.
Hi, Developers,
While working on the Japanese translation of Mailman, I realized there are many cases where HTML escaping (like < to &lt;) is needed in view of CERT Advisory 2000-02, http://www.cert.org/advisories/CA-2000-02.html. This is also known as 'cross site scripting', see http://www.apache.org/info/css-security/.
They are to be avoided by rewriting

    doc.AddItem(Bold('No such list %s' % listname))

to

    doc.AddItem(Bold('No such list %s' % cgi.escape(listname)))
I hope these corrections will be done in the nearest future release.
Thank you.
-- Tokio Kikuchi, tkikuchi@is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/
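
The rewrite proposed in the message above, shown as an added example that is not part of the original post or Mailman's own code. It assumes Python 3, where `html.escape` replaces `cgi.escape` (removed in 3.8); `bold` is a simplified stand-in for Mailman's `Bold`, and the form field and sample list name are constructed. It also covers the attribute context, where escaping only `<`, `>` and `&` (the old `cgi.escape` default) is not enough.

```python
import html


def bold(text):
    # Simplified stand-in for Mailman's Bold(): wraps the text without touching it.
    return "<b>" + text + "</b>"


def no_such_list_unescaped(listname):
    # 'Before' pattern from the message: a request-derived value goes into markup as-is.
    return bold("No such list %s" % listname)


def no_such_list_escaped(listname):
    # 'After' pattern: escape at the point of output, in element-content context.
    return bold("No such list %s" % html.escape(listname))


def field_without_quote_escaping(listname):
    # Mirrors the old cgi.escape() default (quote off): a double quote in the
    # value still terminates the attribute.
    return '<input name="listname" value="%s">' % html.escape(listname, quote=False)


def field_with_quote_escaping(listname):
    # quote=True (the html.escape default) also escapes " and ', which is
    # required whenever the value lands inside a quoted attribute.
    return '<input name="listname" value="%s">' % html.escape(listname, quote=True)


# Constructed sample input: a list name carrying markup and a double quote.
SAMPLE = '"><b>injected</b>'

if __name__ == "__main__":
    for render in (no_such_list_unescaped, no_such_list_escaped,
                   field_without_quote_escaping, field_with_quote_escaping):
        print("%-30s %s" % (render.__name__, render(SAMPLE)))
```
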