[Bug 266273] Re: Error while editiing general list information page
cedric at gn.apc.org
Thu Feb 18 21:07:03 CET 2010
Oops, sorry. I was trying too hard not to create a duplicate, and am
surprised it isn't already on launchpad, having seen the Sourceforge
report you mention. Should I resubmit as a new bug/request?

I'm using 2.1.12 and still seeing the error - I gather the fix was to
add a lookahead exclusion based on the current options template. Having
seen quite a few recent injected HTML attacks on the lines of Gumblar, I
wonder if it would be adequate to block on the basis only of meta
refresh, iframe, script src= and certain JS keywords like unescape and
str_replace; on the other hand, the badwords list is probably not that
comprehensive: it doesn't exclude possible XSS routes like embed, object

IMHO a "trusted list admin" option would cover most needs most easily -
giving SSH access to an (untrusted?) user might create greater security

I shared the list administrator's misunderstanding of the FAQ reference
because of context.