Differences between revisions 2 and 3
Revision 2 as of 2008-06-09 16:32:26
Size: 2418
Editor: terri
Revision 3 as of 2008-07-31 14:07:18
Size: 2426
Editor: dunxd

3.52. How do I get special characters to appear in my footers?

Adapted from the thread at http://mail.python.org/pipermail/mailman-users/2005-February/043085.html:

Certain special characters are HTML-escaped by Mailman when you edit the footer text using the web admin interface. This is done to prevent XSS (cross-site scripting) attacks: it protects against a malicious list administrator perpetrating attacks by entering scripts into attribute boxes. For general information about this kind of attack, try http://www.google.com/search?q=XSS.

Mailman protects against this by escaping all HTML-tag-like text that's entered in these web forms.

The special characters which get escaped are:

   >   greater-than
   <   less-than
   &   ampersand
   "   double-quote

This means that if you want to put these characters in msg_footer or a similar attribute, you have to use the command-line tool bin/config_list (or withlist) to do it.

e.g.,

   % bin/config_list -i filename listname

where filename contains something like (ignore leading space characters):

   msg_footer="""a line with "quoted" word
   some other stuff
   """

It doesn't matter what you call the file, and it doesn't really matter where you put it. The important point is that this file is used as input to the config_list command, which takes the information you have provided and stores that into the Python "pickle" that contains the configuration of the affected Mailman mailing list. If you're not a Site Administrator with privileged shell access to the server hosting the mailing list, you will not be able to take the input file and feed that to config_list.

There's no security issue with putting the unescaped characters in via config_list since only a trusted site administrator can do this, and presumably won't put in any villainous stuff.

Note that if you re-edit the footers from the web page, the special characters will be HTML-escaped once again.
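The two paths described above, as an added Python sketch (not Mailman's own code): a stand-in for the web form's escaping of the four listed characters, a check for whether a footer would be altered by the web form, and a generator for a config_list -i input line. All function names are hypothetical, and the sketch assumes the input file is read as plain Python assignments, as in the sample above.

```python
# Added illustration; not Mailman source code. All names here are hypothetical.
ESCAPES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;"))

def web_escape(text):
    """Stand-in for the web admin form: escape the four characters listed above."""
    for raw, entity in ESCAPES:  # '&' goes first so new entities are not re-escaped
        text = text.replace(raw, entity)
    return text

def altered_by_web_form(text):
    """Characters in `text` that the web form would rewrite."""
    return [raw for raw, _ in ESCAPES if raw in text]

def config_list_input(attr, value):
    """One assignment line for a config_list -i input file.
    repr() is used instead of triple quotes so that footers containing
    triple quotes or backslashes still produce valid Python."""
    return "%s = %r\n" % (attr, value)

def load_input(source):
    """Assumption: the input file is plain Python assignments, as in the
    page's sample. Evaluate it without builtins and return the names set."""
    names = {}
    exec(source, {"__builtins__": {}}, names)
    return names

# Constructed sample: the footer text from the input-file example above.
FOOTER = 'a line with "quoted" word\nsome other stuff\n'

if __name__ == "__main__":
    print("web form would rewrite:", altered_by_web_form(FOOTER))
    stored = load_input(config_list_input("msg_footer", FOOTER))["msg_footer"]
    print("stored via config_list:", repr(stored))
    print("after a web re-edit:   ", repr(web_escape(stored)))
```

If altered_by_web_form returns an empty list, the footer can be set from the web page without change; otherwise it has to go through config_list, and a later web re-edit escapes it again.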

For more information on the Mailman command-line tools, see 4.9 Summary of the mailman bin commands.

Last changed on Fri Nov 24 19:31:21 2006 by Mark Sapiro. Converted from the Mailman FAQ Wizard.


MailmanWiki: DOC/How do I get special characters to appear in my footers? (last edited 2015-01-31 02:36:58 by msapiro)