Mark Sapiro writes:

 > I understand the point about good practice, and we do try to validate
 > user input in Mailman to avoid possible XSS attacks via the web
 > interface. What we're dealing with here are syntactically validated
 > email addresses so the really nasty stuff has already been caught.
 > 
 > Still, I'm interested in feedback from anyone who has an opinion about
 > this.

How about a separate query box for getting at these unusual (if not
bogus) addresses?  Then the screenscrapers should continue to work,
unless their parsers will break if the output is not identical up to
the </html>.

For example, add to the member search query a "find invalid addresses"
button.  This should not cause any problems unless such addresses are
present, and you don't need to worry about 100% RFC correctness (i.e.,
you can be stricter than RFC 2822 demands) since any actual actions
will be manual.

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
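
A sketch of the "find invalid addresses" query suggested in the reply above, as an added example that is not part of the original message and is not Mailman's code. The function names, the conservative pattern (deliberately stricter than RFC 2822) and the sample members are assumptions made for illustration; flagged addresses are HTML-escaped before display because they are only listed for manual review.

```python
import html
import re

# Assumption: a conservative notion of an "ordinary" address, stricter than
# RFC 2822. Anything outside it is listed for manual review, not rejected.
LOCAL_OK = re.compile(r"[A-Za-z0-9_+-]+(?:\.[A-Za-z0-9_+-]+)*")
LABEL_OK = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def is_ordinary(address):
    """True if the address fits the conservative pattern."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or len(local) > 64 or len(domain) > 255:
        return False
    if not LOCAL_OK.fullmatch(local):
        return False
    labels = domain.split(".")
    # Require at least two labels, each a plain letter-digit-hyphen label.
    return len(labels) >= 2 and all(
        len(label) <= 63 and LABEL_OK.fullmatch(label) for label in labels
    )


def find_unusual(members):
    """Return the members a separate 'find invalid addresses' query would show."""
    return [m for m in members if not is_ordinary(m)]


def render_rows(addresses):
    """Render flagged addresses as list items, escaping every character
    that is significant in HTML so the result page cannot carry markup."""
    return "\n".join(
        "<li>%s</li>" % html.escape(a, quote=True) for a in addresses
    )


# Constructed sample membership; the quoted local part is syntactically
# valid under RFC 2822 but contains characters that matter in HTML.
SAMPLE_MEMBERS = [
    "alice@example.com",
    '"a<b>c"@example.com',
    "bob+lists@example.net",
    "o'brien@example.org",
    "user@localhost",
]

if __name__ == "__main__":
    print(render_rows(find_unusual(SAMPLE_MEMBERS)))
```

Because the strict check only feeds a separate review page, ordinary member listings keep their existing output, and a false positive such as `o'brien@example.org` costs nothing more than a manual look.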
