[Mailman-Users] Sanitizer settings on a per-list basis

Mark Sapiro msapiro at value.net
Sun Apr 23 18:20:55 CEST 2006


Matt Cohen wrote:

>I know about setting the Scrubber/santizer settings in mm_cfg.py as 
>per this FAQ entry:
>
>http://www.python.org/cgi-bin/faqw-mm.py?req=edit&file=faq04.037.htp
>
>But is there a way to make it apply on a per-list basis rather than 
>server-wide?


No there isn't. The reason for this is that this allows cross site
scripting (XSS) atacks against the entire server by archiving
potentially malicious HTML. This is a server-wide vulnerability so it
should be up to the server administrators to enable it.

We could treat the option differently, as for example we do with
OWNERS_CAN_ENABLE_PERSONALIZATION, but since we highly discourage this
option anyway, no one has made the effort to implement this.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list