3.52. How do I get special characters to appear in my footers?
Adapted from the thread at http://mail.python.org/pipermail/mailman-users/2005-February/043085.html:
Certain special characters are HTML-escaped by Mailman when you edit the footer text using the web admin interface. This is done to prevent XSS (cross-site scripting) attacks. This is to protect against against a malicious list administrator perpetrating attacks by entering scripts into attribute boxes. For general information about this kind of attack, try http://www.google.com/search?q=XSS.
Mailman protects against this by escaping all HTML tag like stuff that's entered in these web forms.
The special characters which get escaped are:
This means if you want to put these things in msg_footer or whatever, you have to use the command-line tool bin/config_list (or withlist) to do it.
where filename contains something like (ignore leading space characters):
It doesn't matter what you call the file, and it doesn't really matter where you put it. The important point is that this file is used as input to the config_list command, which takes the information you have provided and stores that into the Python "pickle" that contains the configuration of the affected Mailman mailing list. If you're not a Site Administrator with privileged shell access to the server hosting the mailing list, you will not be able to take the input file and feed that to config_list.
There's no security issue with putting the unescaped characters in via config_list since only a trusted site administrator can do this, and presumably won't put in any villainous stuff.
Note that if you re-edit the footers from the web page, the special characters will be HTML-escaped once again.
For more information on the Mailman command-line tools, see 4.09 Summary of the mailman bin commands.
Last changed on Fri Nov 24 19:31:21 2006 by Mark Sapiro
Converted from the Mailman FAQ Wizard
This is one of many Frequently Asked Questions.