[Mailman-Users] Removing illegal character user names

Dragon dragon at crimson-dragon.com
Sun Mar 11 21:43:41 CET 2007

Mark Sapiro sent the message below at 12:41 PM 3/11/2007:

>It's as I suspected. The various input tags on the Membership list look
><INPUT name="user at example.com_unsub" type="CHECKBOX" value="off" >
>where user at example.com is the email address. Clearly, if the address
>contains double quotes, the field name gets truncated or garbled, so
>it isn't possible to change anything for this member from the
>Membership list page..
---------------- End original message. ---------------------

Which is valid, and proper HTML usage, all parameters in any HTML tag 
should be enclosed in quotes. It is mandatory in XHTML.

So how do you deal with this?

Quite simply by escaping any non alpha-numeric character with either 
its symbolic or numeric code. It is always good practice in dealing 
with any sort of CGI or user generated data to ensure that just such 
situations or worse will not occur.

If there is a Python module out there for escaping HTML strings, it 
seems like it would be a fairly simple task to apply the escape 
function while generating the output to the page.


  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)

More information about the Mailman-Users mailing list