[conspire] HTMLisation run amok

Michael Paoli Michael.Paoli at cal.berkeley.edu
Tue Feb 23 19:55:12 PST 2016


Ah, yes, nice catch.

My bad ... and theirs.  I should'a tried a bit harder, but figured they
wouldn't make it that hard, wanting to be all-inclusive for all
Americans, to, oh, say be blind or vision impaired, and copy and paste
the link from the plain text email into ...  Oh well, so much for
applying reasonable logic to governmental operations.  I'd probably
worked it out before - if they were doing same before, but managed to
miss it this time ... I basically applied same algorithm ... thrice but
missed a step each time.  The "plain" bit ... MIME quoted printable ...
well, first the text of the plain text looked horrible - looked like
someone pretty much just dumped a bunch of html cr*p in there.  That
looked quite unusable, ... so next I went to the message source -
grabbed the plain text part, took the URL part, and did the appropriate
unconverting of the MIME quoted printable.  Tried that URL, and it
didn't work.  Then I looked at that URL and compared it to that in the
HTML portion - it precisely matched, so I figured I'd converted
properly, and it was broken.  Repeated the whole process two more times
... two more emails ... failed again each time in same manner.  I
should've inspected the URL a bit more closely, and realized their f*ck
up.  I even have a very handy tool I wrote that deals with that ...
slightly different intended purpose ... but well does the trick.
htmlquote - and htmlunquote - specifically htmlunquote in this case.
Applied that to the URLs I otherwise had, tried the resultant URLs from
that ... those worked fine - so got it signed (or thrice signed ...
whatever).  I more typically use htmlquote and htmlunquote, when I want
to "comment out" some html within an html page.  Use htmlquote on that
part of the html, then place it within html comment tags, and it's
safely* commented out - and reverse the process, using htmlunquote, to
get it back.  If one is curious or wants 'em, can find htmlquote and
htmlunquote under:
http://www.rawbw.com/~mp/unix/sh/examples/
I also used to use mimencode -u -q a lot.  Then the package having that
handy utility went away from Debian ... so ... I coded up a teensy
little perl utility that gave just the functionality of mimencode that
I was using anyway (which was probably just slightly less work than
otherwise hunting down a suitable replacement for mimencode).

*Well, for HTML 2.0 or so.  I haven't fully validated it for newer versions.

> Date: Tue, 23 Feb 2016 10:39:22 -0800
> From: Rick Moen <rick at linuxmafia.com>
> To: conspire at linuxmafia.com
> Subject: Re: [conspire] Halt efforts that compel Apple and other
>  device makers to create a "backdoor" for the Government to access
>  citizens data | We the People: Your Voice in Our Government
> Message-ID: <20160223183922.GY24965 at linuxmafia.com>
> Content-Type: text/plain; charset=utf-8
>
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu)
>
>> Hmmmm,
>>
>> I've tried thrice now, to sign that petition.
>>
>> Each time it requires use of an email verification link to finish the process,
>> and each time that link received in the email gives a 404 error.
>> I've successfully signed petitions on that site before without problems.
>
> I figured that one out.  petitions.whitehouse.gov sends its confirmation
> e-mails in multipart-alternative format, plaintext vs. HTML.  The
> plaintext version's URLs, perversely, have certain characters, notably
> the ampersand, expanded to HTML character entities (in ampersand's case,
> to '&amp;').  Thus, if you copy and paste the URL from the plaintext
> mail to your Web browser, it's an invalid URL.
>
> OTOH, if you copy and paste the _rendered_ version of the URL from the
> mail's HTML portion, it's fine.
>
> An example of HTMLisation run amok.
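
Added example, not part of either message above and not the htmlunquote or perl tools mentioned in it: Python that applies the two decoding steps discussed in this thread (quoted-printable first, then HTML entities) to the text/plain part of a constructed multipart/alternative mail. The addresses, URL and function names are made up for illustration.

```python
import re
from email import message_from_string, policy
from html import unescape

# Constructed sample: a multipart/alternative mail whose text/plain part is
# quoted-printable AND carries an HTML-escaped ampersand in its URL.
RAW = """\
From: noreply@example.org
Subject: Confirm your signature
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Confirm: https://example.org/verify?id=3D12345&amp;token=3Dabcdefghijklmnop=
qrstuvwxyz

--b1
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<a href=3D"https://example.org/verify?id=3D12345&amp;token=3Dabcdefghijklm=
nopqrstuvwxyz">Confirm</a>

--b1--
"""

URL_RE = re.compile(r"https?://[^\s<>\"]+")
# Only semicolon-terminated entities, so a real parameter like "&copy=1" survives.
ENTITY_RE = re.compile(r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")

def unescape_entities(url):
    """Undo HTML entities in a URL without touching bare '&name=' parameters."""
    return ENTITY_RE.sub(lambda m: unescape(m.group(0)), url)

def plaintext_urls(raw):
    """Return (url_as_sent, url_unescaped, had_entities) for each text/plain URL."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content()  # undoes quoted-printable and the charset
    return [(u, unescape_entities(u), bool(ENTITY_RE.search(u)))
            for u in URL_RE.findall(text)]

if __name__ == "__main__":
    for sent, fixed, flagged in plaintext_urls(RAW):
        print("as sent:", sent)
        print("usable :", fixed, "(entities found)" if flagged else "")
```
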




