[Mailman-Users] Sanitizer settings on a per-list basis
Mark Sapiro
msapiro at value.net
Sun Apr 23 18:20:55 CEST 2006
Matt Cohen wrote:
>I know about setting the Scrubber/santizer settings in mm_cfg.py as
>per this FAQ entry:
>
>http://www.python.org/cgi-bin/faqw-mm.py?req=edit&file=faq04.037.htp
>
>But is there a way to make it apply on a per-list basis rather than
>server-wide?
No there isn't. The reason for this is that this allows cross site
scripting (XSS) atacks against the entire server by archiving
potentially malicious HTML. This is a server-wide vulnerability so it
should be up to the server administrators to enable it.
We could treat the option differently, as for example we do with
OWNERS_CAN_ENABLE_PERSONALIZATION, but since we highly discourage this
option anyway, no one has made the effort to implement this.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list