[ mailman-Bugs-870028 ] html in listinfo is quoted

[SourceForge.net]

Bugs item #870028, was opened at 2004-01-03 21:09
Message generated for change (Comment added) made by hertell
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=870028&group_id=103

Category: Web/CGI
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 7
Submitted By: Barry A. Warsaw (bwarsaw)
Assigned to: Barry A. Warsaw (bwarsaw)
Summary: html in listinfo is quoted

Initial Comment:
If you enter html into the 'info' text area, the
listinfo page sees that html as quoted, not as valid
html.  This is a result of the XSS hole closure in
2.1.4, but some innocent tags should be allowed back in.

----------------------------------------------------------------------

Comment By: Rene (hertell)
Date: 2004-01-14 02:43

Message:
Logged In: YES 
user_id=278485

I tracked down the encoding-problem to the following row in
Defaults.py:
add_language('en',    _('English (USA)'),       'us-ascii')

By changing the encoding to iso-8859-1 fixes the problem.
add_language('en',    _('English (USA)'),       'iso-8859-1')

You probably ask why I don't use the admin-pages in my local
language? The ansver is that I prefer English before
anything else.

----------------------------------------------------------------------

Comment By: Rene (hertell)
Date: 2004-01-14 02:23

Message:
Logged In: YES 
user_id=278485

The same goes if you use Umlauts (åäö, or ¨ å
ö) in the welcome-tect text-area. First it converts the
Umlaut-character to an decimal reference (&#228), and after
that it converts the & character into an Character entity. 

In other words; when the user gets the welcome-email that
contains ä characters (ä), it is converted twice: This
is the code-soup for this character that finally arives:
ä instead of the single ä character

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=870028&group_id=103