Diffstat (limited to '')
-rw-r--r--Mailman/Utils.py8
-rw-r--r--NEWS3
2 files changed, 11 insertions, 0 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 847e450e..9a29662b 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -425,7 +425,15 @@ def check_global_password(response, siteadmin=True):
_ampre = re.compile('&((?:#[0-9]+|[a-z]+);)', re.IGNORECASE)
+# Characters misinterpreted as < or > by some broken browsers.
+_broken_browser = {'\x8b': '&#8249;',
+ '\x9b': '&#8250;',
+ '\xbc': '&#188;',
+ '\xbd': '&#190;',
+ }
def websafe(s):
+ for k in _broken_browser:
+ s = s.replace(k, _broken_browser[k])
# Don't double escape html entities
return _ampre.sub(r'&\1', cgi.escape(s, quote=True))
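Review bot: The last entry of `_broken_browser` looks off by one: `'\xbd'` is code point 189 (½) but is mapped to `&#190;` (¾), whereas the neighbouring `'\xbc': '&#188;'` entry maps the byte to its own code point. If the byte that the broken browsers read as `>` is 0xBE, the key should be `'\xbe': '&#190;'`; if it really is 0xBD, the entity should be `&#189;` — as written, a literal ½ in user data is rendered as ¾ and the 0xBE byte passes through `websafe` unescaped, so please confirm which byte was intended. Minor style point on the new loop: `for k, v in _broken_browser.items(): s = s.replace(k, v)` avoids the second dict lookup. Presumably `s` is always a byte string here; if a unicode object ever reaches `websafe`, the non-ASCII str keys in `_broken_browser` would make `replace` raise under Python 2 — worth confirming against the callers.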
diff --git a/NEWS b/NEWS
index 394d596a..8ee35b09 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,9 @@ Here is a history of user visible changes to Mailman.
Bug Fixes and other patches
+ - Strengthened escaping of user web data by including some characters that
+ some older browsers misinterpret as < or >.
+
- Mailman now sets the 'secure' flag in cookies set via https URLs.
Bug #770377.