[Mailman-Users] Removing illegal character user names
dragon at crimson-dragon.com
Sun Mar 11 21:43:41 CET 2007
Mark Sapiro sent the message below at 12:41 PM 3/11/2007:
>It's as I suspected. The various input tags on the Membership list look
><INPUT name="user at example.com_unsub" type="CHECKBOX" value="off" >
>where user at example.com is the email address. Clearly, if the address
>contains double quotes, the field name gets truncated or garbled, so
>it isn't possible to change anything for this member from the
>Membership list page.
---------------- End original message. ---------------------
Which is valid and proper HTML usage; all parameters in any HTML tag
should be enclosed in quotes. It is mandatory in XHTML.
So how do you deal with this?
Quite simply, by escaping any non-alphanumeric character with either
its symbolic or numeric code. It is always good practice in dealing
with any sort of CGI or user generated data to ensure that just such
situations or worse will not occur.
If there is a Python module out there for escaping HTML strings, it
seems like it would be a fairly simple task to apply the escape
function while generating the output to the page.
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
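
Added example, not part of the original post and not Mailman's own code: the checkbox tag from the quoted message, built once by plain interpolation and once with the field name passed through Python's standard html.escape(), then parsed back to see which field name a form parser recovers. The function names and the sample address are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: an address whose local part contains double quotes.
ADDRESS = '"john doe"@example.com'


def checkbox_unescaped(address):
    """Build the tag by plain interpolation, as in the quoted markup."""
    return '<INPUT name="%s_unsub" type="CHECKBOX" value="off">' % address


def checkbox_escaped(address):
    """Same tag, with the attribute value escaped for a quoted attribute."""
    name = html.escape(address + "_unsub", quote=True)
    return '<INPUT name="%s" type="CHECKBOX" value="off">' % name


class _NameGrabber(HTMLParser):
    """Collects the first name= attribute of every <input> tag it sees."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            # Take the first "name" attribute, as a browser would.
            self.names.append(next((v for k, v in attrs if k == "name"), None))


def parsed_field_name(markup):
    """Return the field name a parser recovers from the tag, or None."""
    parser = _NameGrabber()
    parser.feed(markup)
    parser.close()
    return parser.names[0] if parser.names else None


if __name__ == "__main__":
    wanted = ADDRESS + "_unsub"
    for build in (checkbox_unescaped, checkbox_escaped):
        markup = build(ADDRESS)
        got = parsed_field_name(markup)
        print(build.__name__, "->", markup)
        print("  parsed name:", repr(got), "| round-trips:", got == wanted)
```

The escaped form round-trips because the parser decodes &quot; back to a double quote only after the attribute boundaries have been found.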