[Mailman-i18n] Pipermail and non-English lists

Martin v.Löwis loewis@informatik.hu-berlin.de
Thu Nov 21 17:18:47 2002

barry@python.org (Barry A. Warsaw) writes:

> Yeah, but the online docs make no mention of this.  What specifically
> are the security vulnerabilities?

You can arrange for "cross-site scripting". If you manage to put UTF-7
into some page, utf-7 decoding this could result in, say,

  <script src="some.hostile.com">data</script>

The server-side filter may fail to detect the markup in the input, as
it isn't prepared to see encodings which aren't ASCII-compatible.

You have to bend your mind quite a bit, to make a number of
unreasonable assumptions, for this to result in a successful attack.



for Microsoft's explanation of this issue.
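
Added example, not part of the original message and not Mailman or Pipermail code: a filter that assumes an ASCII-compatible encoding misses the markup above when it arrives as UTF-7, while a filter that also inspects the UTF-7 decoding catches it. The function names, the regular expression and the sample bytes are constructed for illustration.

```python
import re

# Constructed sample: the markup from the message, written as UTF-7.
# The bytes are pure ASCII and contain no '<' or '>' at all.
SAMPLE_UTF7 = (b"+ADw-script src+AD0-+ACI-some.hostile.com+ACI-+AD4-"
               b"data+ADw-/script+AD4-")

# Start of an HTML tag, closing tag, comment or doctype.
MARKUP = re.compile(r"<\s*/?\s*[A-Za-z!]")


def ascii_filter_flags(body: bytes) -> bool:
    """Filter that only looks at the input as ASCII-compatible text."""
    return bool(MARKUP.search(body.decode("ascii", "replace")))


def utf7_view(body: bytes) -> str:
    """Text a UTF-7 decoder would see; malformed runs become U+FFFD."""
    return body.decode("utf-7", "replace")


def scan(body: bytes) -> str:
    """Classify input as 'markup', 'utf7-markup' or 'clean'."""
    if ascii_filter_flags(body):
        return "markup"
    # Second pass: the same bytes may carry markup once decoded as UTF-7.
    if MARKUP.search(utf7_view(body)):
        return "utf7-markup"
    return "clean"


if __name__ == "__main__":
    for label, data in [
        ("utf-7 sample", SAMPLE_UTF7),
        ("literal tag", b"<b>bold</b>"),
        ("plain text", b"archive of the list, 2002"),
    ]:
        print(f"{label:13} ascii_filter={ascii_filter_flags(data)!s:5} "
              f"scan={scan(data)}")
```

Serving every archive page with an explicit charset that is never UTF-7 removes the need for the browser to guess, which is the condition this detection assumes.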

