Hi,

A quick question that may be answered elsewhere, and if so I apologize.

In the Web-based list archive, any HTML tags that are included in the "subject" line of a message get sent to the browser as HTML, and so start opening elements like <input>, <pre>, or inserting <hr>s. It would be a very good idea to translate the HTML angle-bracket characters to &lt; &gt; (or the numeric equivalents) at a minimum-- ampersands should probably get the same treatment.

As things are now, someone could post a message with a subject line containing a 'script' element that points to a security-exploiting piece of JS somewhere, thus making that month's archive into a trojan horse.
--
Eric A. Meyer ([EMAIL PROTECTED])
http://www.meyerweb.com/eric/
Author, "Cascading Style Sheets: The Definitive Guide" and "CSS 2.0 Programmer's Reference"
http://www.meyerweb.com/eric/books/

------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
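
The escaping suggested in the message above, as an added example (not part of the original post and not Mailman's own archiver code). The function names, the list markup and the sample messages are constructed for illustration; it goes one step beyond the post by decoding RFC 2047 encoded-words before escaping, so markup carried inside an encoded subject is neutralised too.

```python
import html
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample messages (not taken from any real archive).
RAW_MESSAGES = [
    "From: a@example.org\nSubject: Rule <hr> and <pre> test\n\nbody\n",
    "From: b@example.org\nSubject: Q&A: is 1 < 2 > 0?\n\nbody\n",
    # RFC 2047 encoded-word; decodes to 'form <input> here'.
    "From: c@example.org\nSubject: =?utf-8?q?form_=3Cinput=3E_here?=\n\nbody\n",
]


def decoded_subject(raw):
    """Return the Subject header as text, with encoded-words decoded."""
    msg = message_from_string(raw)
    return str(make_header(decode_header(msg.get("Subject", ""))))


def index_entry_unescaped(raw):
    """Behaviour described in the post: the subject reaches the page as HTML."""
    return '<li><a href="#">%s</a></li>' % decoded_subject(raw)


def index_entry_escaped(raw):
    """Decode first, then escape, so the browser sees only text.

    html.escape() rewrites '&' before '<' and '>', so an existing
    ampersand is not confused with the entities it introduces;
    quote=True also covers double and single quotes.
    """
    subject = html.escape(decoded_subject(raw), quote=True)
    return '<li><a href="#">%s</a></li>' % subject


if __name__ == "__main__":
    for raw in RAW_MESSAGES:
        print("unescaped:", index_entry_unescaped(raw))
        print("escaped:  ", index_entry_escaped(raw))
```

Escaping the raw header without decoding it first would leave the third subject untouched, since its angle brackets only appear after decoding.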