[Mailman-i18n] Pipermail and non-English lists
Thu Nov 21 17:18:47 2002
email@example.com (Barry A. Warsaw) writes:
> Yeah, but the online docs make no mention of this. What specifically
> are the security vulnerabilities?
You can arrange for "cross-site scripting". If you manage to put UTF-7
into some page, utf-7 decoding this could result in, say,
The server-side filter may fail to detect the markup in the input, as
it isn't prepared to see encoding which aren't ASCII-compatible.
You have to bend your mind quite a bit, to make a number of
unreasonable assumptions, for this to result in a successful attack.
for Microsofts explanation of this issue.
More information about the Mailman-i18n