[Mailman-Users] Per-list setting for ARCHIVE_HTML_SANITIZER?
Mark Sapiro
msapiro at value.net
Sat Jul 29 01:36:19 CEST 2006
Jim Vanderveen wrote:
>
>Can ARCHIVE_HTML_SANITIZER be set on a per-list basis? It seems to be
>a global setting, but I just wanted to check with all the brains
>behind Mailman before I pursue other options.
>
>BTW, we're running Mailman 2.1.2
No, it can't. At least one reason why not is setting it to allow
unescaped HTML enables XSS attacks through the archives, and this is a
choice that should be made by a site admin, not a list owner.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list