Topics

locked Direct Add message collapses paragraphs #bug


 

Mark,

The message sent to people directly added to the group is plain text only (which is fine with me), but the whitespace (in particular line breaks) got collapsed as if it were HTML text. For example:

--------
Hello MHS PTSA board member! Welcome to the MHS PTSA email list (hosted by Groups.io). I'm adding you to the email list (group) first. You're my first test of directly adding people to the list. Let me know if you have any questions or concerns, I want to learn if I'm doing this right. If all goes well I'll be adding the entire membership (those that gave me email addresses) to this list "soon". -- Shal
--------

was received instead of a nicely paragraph formatted message.

Looking at the message source, the text/plain part was fine. But in the text/HTML part the entire user-supplied message, including the rows of hyphens above and below, was wrapped in a single HTML paragraph, with <br> separating the hyphens from the rest.

-- Shal


 

Mark...

Acting on a hunch, I was able to "fix" those paragraphs by sprinkling <br> into my Add Message. Three problems:

1) I hope there's an HTML sanitizer at work on that text, otherwise there's a possible exploit there.

2) A text box that looks plain-text (has no formatting buttons) ought to act plain text. That is, all HTML codes ought to be escaped; user-supplied HTML codes, if allowed at all, ought to be entered through a "raw" or "source" editor.

3) The <br>s make the text/plain copy look messy.

-- Shal

At 03:43 PM 8/15/2015, you wrote:
Mark,

The message sent to people directly added to the group is plain text only (which is fine with me), but the whitespace (in particular line breaks) got collapsed as if it were HTML text. For example:

--------
Hello MHS PTSA board member! Welcome to the MHS PTSA email list (hosted by Groups.io). I'm adding you to the email list (group) first. You're my first test of directly adding people to the list. Let me know if you have any questions or concerns, I want to learn if I'm doing this right. If all goes well I'll be adding the entire membership (those that gave me email addresses) to this list "soon". -- Shal
--------

was received instead of a nicely paragraph formatted message.

Looking at the message source, the text/plain part was fine. But in the text/HTML part the entire user-supplied message, including the rows of hyphens above and below, was wrapped in a single HTML paragraph, with <br> separating the hyphens from the rest.

-- Shal


 

Hi Shal,

Sorry about that. It's been fixed.

(Back from vacation and working through the email backlog).

Thanks,
Mark

On Sat, Aug 15, 2015 at 4:06 PM, Shal Farley <shal@...> wrote:
Mark...

Acting on a hunch, I was able to "fix" those paragraphs by sprinkling <br> into my Add Message. Three problems:

1) I hope there's an HTML sanitizer at work on that text, otherwise there's a possible exploit there.

2) A text box that looks plain-text (has no formatting buttons) ought to act plain text. That is, all HTML codes ought to be escaped; user-supplied HTML codes, if allowed at all, ought to be entered through a "raw" or "source" editor.

3) The <br>s make the text/plain copy look messy.

-- Shal


At 03:43 PM 8/15/2015, you wrote:
>Mark,
>
>The message sent to people directly added to the group is plain text only (which is fine with me), but the whitespace (in particular line breaks) got collapsed as if it were HTML text. For example:
>
>--------
>Hello MHS PTSA board member! Welcome to the MHS PTSA email list (hosted by Groups.io). I'm adding you to the email list (group) first. You're my first test of directly adding people to the list. Let me know if you have any questions or concerns, I want to learn if I'm doing this right. If all goes well I'll be adding the entire membership (those that gave me email addresses) to this list "soon". -- Shal
>--------
>
>was received instead of a nicely paragraph formatted message.
>
>Looking at the message source, the text/plain part was fine. But in the text/HTML part the entire user-supplied message, including the rows of hyphens above and below, was wrapped in a single HTML paragraph, with <br> separating the hyphens from the rest.
>
>-- Shal






David P. Dillard
 

Here is another email to add to your backlog. I was extremely impressed and grateful that you took time out while on vacation in Paris to fix your
network down time. Most impressive. I have been telling folks about this and comparing this to the Berlin Wall that surrounds impenitrable Google and Yahoo group services. Thanks so much for everything you do.





Sincerely,
David Dillard
Temple University
(215) 204 - 4584
jwne@temple.edu

On Mon, 17 Aug 2015, Mark Fletcher wrote:

Hi Shal,
Sorry about that. It's been fixed.
(Back from vacation and working through the email backlog).
Thanks,
Mark
On Sat, Aug 15, 2015 at 4:06 PM, Shal Farley <shal@roadrunner.com> wrote:
Mark...

Acting on a hunch, I was able to "fix" those paragraphs by sprinkling <br> into my Add Message. Three problems:

1) I hope there's an HTML sanitizer at work on that text, otherwise there's a possible exploit there.

2) A text box that looks plain-text (has no formatting buttons) ought to act plain text. That is, all HTML codes ought to
be escaped; user-supplied HTML codes, if allowed at all, ought to be entered through a "raw" or "source" editor.

3) The <br>s make the text/plain copy look messy.

-- Shal

At 03:43 PM 8/15/2015, you wrote:
>Mark,
>
>The message sent to people directly added to the group is plain text only (which is fine with me), but the whitespace
(in particular line breaks) got collapsed as if it were HTML text. For example:
>
>--------
>Hello MHS PTSA board member! Welcome to the MHS PTSA email list (hosted by Groups.io). I'm adding you to the email list
(group) first. You're my first test of directly adding people to the list. Let me know if you have any questions or
concerns, I want to learn if I'm doing this right. If all goes well I'll be adding the entire membership (those that gave
me email addresses) to this list "soon". -- Shal
>--------
>
>was received instead of a nicely paragraph formatted message.
>
>Looking at the message source, the text/plain part was fine. But in the text/HTML part the entire user-supplied message,
including the rows of hyphens above and below, was wrapped in a single HTML paragraph, with <br> separating the hyphens
from the rest.
>
>-- Shal


 

On Mon, Aug 17, 2015 at 11:06 AM, David P. Dillard <jwne@...> wrote:

I have been telling folks about this and comparing this to the Berlin Wall that surrounds impenitrable Google and Yahoo group services.  Thanks so much for everything you do.

You're welcome, and thank you for spreading the word!

Mark