List owners may want to edit the list information or subscribe pages to
link to CSS or JS on a main site, to use a standard style or do form
validation, for example. The checks against cross-site scripting
prevent this, and the text suggesting shell access may be inappropriate.
The site admin may trust the list owners, but it may not be desirable
for privacy or firewall reasons to give them SSH access to the Mailman
server. (previously suggested on bug 266273)
It would therefore be very useful to have a global option to turn off
the XSS checking as needed. A simple patch is attached to provide this
option. I didn't find existing translations for the relevant error
messages (in French or Spanish at least).
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/786932
Title:
Feature request: Option to trust list owners' HTML
