[Mailman-Users] Per-list setting for ARCHIVE_HTML_SANITIZER?

Mark Sapiro msapiro at value.net
Sat Jul 29 01:36:19 CEST 2006


Jim Vanderveen wrote:
>
>Can ARCHIVE_HTML_SANITIZER be set on a per-list basis? It seems to be  
>a global setting, but I just wanted to check with all the brains  
>behind Mailman before I pursue other options.
>
>BTW, we're running Mailman 2.1.2


No, it can't. At least one reason why not is setting it to allow
unescaped HTML enables XSS attacks through the archives, and this is a
choice that should be made by a site admin, not a list owner.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan




More information about the Mailman-Users mailing list