#pragma page-filename DOC/versions/4030566
== 3.52. How do I get special characters to appear in my footers? ==

Adapted from the thread at 
[[http://mail.python.org/pipermail/mailman-users/2005-February/043085.html|http://mail.python.org/pipermail/mailman-users/2005-February/043085.html]]:

Certain special characters are HTML-escaped by Mailman when you edit the footer text using the web admin interface. This is done to prevent XSS (cross-site scripting) attacks. This is to protect against against a malicious list administrator perpetrating attacks by entering scripts into attribute boxes. For general information about this kind of attack, try [[http://www.google.com/search?q=XSS|http://www.google.com/search?q=XSS]].

Mailman protects against this by escaping all HTML tag like stuff that's entered in these web forms.

The special characters which get escaped are:

{{{
   &gt;   greater-than
   &lt;   less-than
   &amp;   ampersand
   "   double-quote
}}}

This means if you want to put these things in msg_footer or whatever, you have to use the command-line tool bin/config_list (or withlist) to do it.

e.g.,

{{{
   % bin/config_list -i filename listname
}}}

where filename contains something like (ignore leading space characters):

{{{
   msg_footer="""a line with "quoted" word
   some other stuff
   """
}}}

It doesn't matter what you call the file, and it doesn't really matter where you put it. The important point is that this file is used as input to the config_list command, which takes the information you have provided and stores that into the Python "pickle" that contains the configuration of the affected Mailman mailing list. If you're not a Site Administrator with privileged shell access to the server hosting the mailing list, you will not be able to take the input file and feed that to config_list.

There's no security issue with putting the unescaped characters in via config_list since only a trusted site administrator can do this, and presumably won't put in any villainous stuff.

Note that if you re-edit the footers from the web page, the special characters will be HTML-escaped once again.

For more information on the Mailman command-line tools, see [[../4.09 Summary of the mailman bin commands|4.09 Summary of the mailman bin commands]].

Converted from the Mailman FAQ Wizard

This is one of many [[../Frequently Asked Questions|Frequently Asked Questions]].