1 |
unnilennium |
1.1 |
=== modified file 'Mailman/Cgi/listinfo.py' |
2 |
|
|
--- Mailman/Cgi/listinfo.py 2010-06-24 04:09:34 +0000 |
3 |
|
|
+++ Mailman/Cgi/listinfo.py 2010-09-05 14:38:30 +0000 |
4 |
|
|
@@ -97,7 +97,7 @@ |
5 |
|
|
else: |
6 |
|
|
advertised.append((mlist.GetScriptURL('listinfo'), |
7 |
|
|
mlist.real_name, |
8 |
|
|
- mlist.description)) |
9 |
|
|
+ Utils.websafe(mlist.description))) |
10 |
|
|
if msg: |
11 |
|
|
greeting = FontAttr(msg, color="ff5060", size="+1") |
12 |
|
|
else: |
13 |
|
|
|
14 |
|
|
=== modified file 'Mailman/HTMLFormatter.py' |
15 |
|
|
--- Mailman/HTMLFormatter.py 2008-02-03 19:27:07 +0000 |
16 |
|
|
+++ Mailman/HTMLFormatter.py 2010-09-05 00:15:08 +0000 |
17 |
|
|
@@ -383,8 +383,9 @@ |
18 |
|
|
'<mm-mailman-footer>' : self.GetMailmanFooter(), |
19 |
|
|
'<mm-list-name>' : self.real_name, |
20 |
|
|
'<mm-email-user>' : self._internal_name, |
21 |
|
|
- '<mm-list-description>' : self.description, |
22 |
|
|
- '<mm-list-info>' : BR.join(self.info.split(NL)), |
23 |
|
|
+ '<mm-list-description>' : Utils.websafe(self.description), |
24 |
|
|
+ '<mm-list-info>' : |
25 |
|
|
+ '<!---->' + BR.join(self.info.split(NL)) + '<!---->', |
26 |
|
|
'<mm-form-end>' : self.FormatFormEnd(), |
27 |
|
|
'<mm-archive>' : self.FormatArchiveAnchor(), |
28 |
|
|
'</mm-archive>' : '</a>', |
29 |
|
|
|
30 |
|
|
diff --git a/Mailman/Utils.py b/Mailman/Utils.py |
31 |
|
|
index 78c2933..4eb3e60 100644 |
32 |
|
|
--- Mailman/Utils.py |
33 |
|
|
+++ Mailman/Utils.py |
34 |
|
|
@@ -887,6 +887,7 @@ _badwords = [ |
35 |
|
|
'<i?frame', |
36 |
|
|
'<link', |
37 |
|
|
'<meta', |
38 |
|
|
+ '<object', |
39 |
|
|
'<script', |
40 |
|
|
r'(?:^|\W)j(?:ava)?script(?:\W|$)', |
41 |
|
|
r'(?:^|\W)vbs(?:cript)?(?:\W|$)', |