Revision 5 as of 2008-07-31 14:12:06


3.52. How do I get special characters to appear in my footers?

Adapted from the thread at http://mail.python.org/pipermail/mailman-users/2005-February/043085.html:

Certain special characters are HTML-escaped by Mailman when you edit the footer text using the web admin interface. This is done to prevent XSS (cross-site scripting) attacks: it protects against a malicious list administrator perpetrating attacks by entering scripts into attribute boxes. For general information about this kind of attack, try http://www.google.com/search?q=XSS.

Mailman protects against this by escaping all HTML-tag-like text that's entered in these web forms.

The special characters which get escaped are:

   >   greater-than
   <   less-than
   &   ampersand
   "   double-quote

This means if you want to put these things in msg_footer or whatever, you have to use the command-line tool bin/config_list (or withlist) to do it.

e.g.,

   % bin/config_list -i filename listname

where filename contains something like (ignore leading space characters):

   msg_footer="""a line with "quoted" word
   some other stuff
   """

It doesn't matter what you call the file, and it doesn't really matter where you put it. The important point is that this file is used as input to the config_list command, which takes the information you have provided and stores that into the Python "pickle" that contains the configuration of the affected Mailman mailing list. If you're not a Site Administrator with privileged shell access to the server hosting the mailing list, you will not be able to take the input file and feed that to config_list.

There's no security issue with putting the unescaped characters in via config_list since only a trusted site administrator can do this, and presumably won't put in any villainous stuff.

Note that if you re-edit the footers from the web page, the special characters will be HTML-escaped once again.
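
An added example (not Mailman's own code and not part of the original FAQ): a Python sketch that models the escaping of the four characters listed above and checks a config_list input file for settings that a later web edit would alter. The names web_escape, read_settings and audit are hypothetical, the sample input is constructed from the snippet above, and the file is parsed with ast instead of being executed.

```python
import ast

# The four characters the FAQ lists as escaped by the web admin interface.
# '&' comes first so the entities produced for the others are not re-escaped.
ESCAPES = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ('"', "&quot;")]


def web_escape(text):
    """Model of the escaping the FAQ describes (an assumption, not Mailman's code)."""
    for raw, entity in ESCAPES:
        text = text.replace(raw, entity)
    return text


def read_settings(source):
    """Collect top-level `name = "string"` assignments without running the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                value = ast.literal_eval(node.value)
            except ValueError:
                continue  # not a plain literal; ignore it
            if isinstance(value, str):
                settings[node.targets[0].id] = value
    return settings


def audit(source):
    """For each string setting, show what saving it from the web form would do."""
    report = {}
    for name, value in read_settings(source).items():
        escaped = web_escape(value)
        report[name] = {
            "changed_by_web_edit": escaped != value,
            # Entity text already present, as in a value saved from the web form.
            "already_escaped": any(entity in value for _, entity in ESCAPES),
            "after_web_edit": escaped,
        }
    return report


# Constructed sample: the input file shown above, without the leading spaces.
SAMPLE = 'msg_footer="""a line with "quoted" word\nsome other stuff\n"""\n'

if __name__ == "__main__":
    for name, info in audit(SAMPLE).items():
        print(name, info)
```

A setting reported with changed_by_web_edit set to True has to be re-applied with config_list after any edit of that field from the web page.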

For more information on the Mailman command-line tools, see 4.09 Summary of the mailman bin commands.

Last changed on Fri Nov 24 19:31:21 2006 by Mark Sapiro
Converted from the Mailman FAQ Wizard
