FAQ
Public bug reported:

List owners may want to edit the list information or subscribe pages to
link to CSS or JS on a main site, to use a standard style or do form
validation, for example. The checks against cross-site scripting
prevent this, and the text suggesting shell access may be inappropriate.
The site admin may trust the list owners, but it may not be desirable
for privacy or firewall reasons to give them SSH access to the Mailman
server. (previously suggested on bug 266273)

It would therefore be very useful to have a global option to turn off
the XSS checking as needed. A simple patch is attached to provide this
option. I didn't find existing translations for the relevant error
messages (in French or Spanish at least).

** Affects: mailman
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/786932

Title:
Feature request: Option to trust list owners' HTML

Search Discussions

  • Cedders at May 23, 2011 at 10:55 am
    ** Patch added: "patch to add option to allow owner's HTML and scripts"
    https://bugs.launchpad.net/bugs/786932/+attachment/2139514/+files/mailman-tolerant-edit-setting.patch

    --
    You received this bug notification because you are a member of Mailman
    Coders, which is subscribed to GNU Mailman.
    https://bugs.launchpad.net/bugs/786932

    Title:
    Feature request: Option to trust list owners' HTML

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-coders @
categoriespython
postedMay 23, '11 at 10:55a
activeMay 23, '11 at 10:55a
posts2
users1
websitelist.org

1 user in discussion

Cedders: 2 posts

People

Translate

site design / logo © 2022 Grokbase