Mark Sapiro writes:
> I understand the point about good practice, and we do try to validate
> user input in Mailman to avoid possible XSS attacks via the web
> interface. What we're dealing with here are syntactically validated
> email addresses so the really nasty stuff has already been caugh
Dragon wrote:
>Mark Sapiro sent the message below at 12:41 PM 3/11/2007:
>
>>It's as I suspected. The various input tags on the Membership list look
>>like
>>
>>
>>
>>where [EMAIL PROTECTED] is the email address. Clearly, if the address
>>contains double quotes, the field name gets truncated or ga
Mark Sapiro sent the message below at 12:41 PM 3/11/2007:
>It's as I suspected. The various input tags on the Membership list look
>like
>
>
>
>where [EMAIL PROTECTED] is the email address. Clearly, if the address
>contains double quotes, the field name gets truncated or garbled, so
>it isn't poss
Mark Sapiro wrote:
>
>However, I can add "User"[EMAIL PROTECTED]> or "User"[EMAIL PROTECTED],
>and the address "User"[EMAIL PROTECTED] gets added with no real name.
>This too is what I would expect (I don't know if we should disallow "
>in an email address).
Quoted local parts are allowed in emai
Mike Maughan wrote:
>
>It is also possible I've discovered a bug, in which case the circumstances
>were a mass subscribe exercise where (in this case) I forgot to add a space
>between the username and the email address, so the input line looked like
>this "User"<[EMAIL PROTECTED]> and the list adde
Hi all,
Through some finger incontinence on my part (trying to do list admin
w too late at night when I should have been in bed asleep) I have
managed to add an illegally-named user whom I now cannot unsubscribe ...
It is also possible I've discovered a bug, in which case the circumstance
