Re: [Mailman-Users] won't let me edit the HTML

I have an update on this. I was trying to pinpoint exactly what "change" caused this, and as I deleted changes, starting with the link, I still kept getting the same rejection. Then I just went to edit the page, and made no changes at all, clicked on Submit Changes, and it *still* gave me the rejection. Am I missing something?
Bill
I am trying to customize our Options page, and I want to add links to our main website within the page (really the only changes I am making). When I try to save, I get:
"The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server."
Cross-site scripting attacks from a simple link? I'm feeling the weight of big brother here.

Bill Catambay wrote:
I have an update on this. I was trying to pinpoint exactly what "change" caused this, and as I deleted changes, starting with the link, I still kept getting the same rejection. Then I just went to edit the page, and made no changes at all, clicked on Submit Changes, and it *still* gave me the rejection. Am I missing something?
The cause is the
<link rel="SHORTCUT ICON" href="<mm-favicon>">
line in the base template. This was fixed in Mailman 2.1.12 by exempting that specific link tag, but in Mailman 2.1.9 through 2.1.11, the easiest thing is to remove the offending line from your edited template.
See <http://sourceforge.net/tracker/index.php?func=detail&aid=2164798&group_id=103&atid=100103> for more info on this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Bill Catambay
-
Mark Sapiro