Error while editiing general list information page
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Invalid
|
Medium
|
Unassigned |
Bug Description
I got the error message enclosed when I save the
general list information page for the list davd11 after
some editing. Actually, I just have to open the page
http://
ml and klick submit changes (without doing any
changes) for the error page to appear.
Enclosed: error page, error log (zipped)
Fick bifogade meddelande när jag ville redigera några
html-koder i presentationssidan för davd11-listan. Det
räcker att spara den sidan som redan används (som jag
har redigerat tidigare). Nu genererar den detta
felmeddelande. Kan kanske skickas vidare till mailman
eller nåt. Det är inte kritiskt för mig, jag klarar mig.
Eivind
[http://
Changed in mailman: | |
milestone: | none → 2.1.12 |
Changed in mailman: | |
status: | Confirmed → Invalid |
It looks like a few people (eg on Sourceforge) have reported that the suspicious HTML check is too suspicious since it was introduced in version 2.1.9; for instance rejecting innocent META tags. Also, it links to http:// wiki.list. org/x/jYA9 for more information, but there is no information there about the reasons for rejection leading to frustration for the list owner.
"The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server.
See FAQ 4.48."
Could either the list of "badwords" be moved to Defaults.py, or there be an option to say that we trust list owners to edit their own HTML?
I've worked around by hacking /usr/lib/ mailman/ Mailman/ Cgi/edithtml. py line 162.