=== modified file 'Mailman/Cgi/edithtml.py'
--- Mailman/Cgi/edithtml.py 2010-03-29 20:48:11 +0000
+++ Mailman/Cgi/edithtml.py 2011-05-23 10:01:27 +0000
@@ -161,14 +161,15 @@
 doc.AddItem('
') return code = cgi_info['html_code'].value - if Utils.suspiciousHTML(code): + if Utils.suspiciousHTML(code) and not mm_cfg.OWNERS_CAN_USE_FULL_HTML: doc.AddItem(Header(3, _("""The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you -must have shell access to your Mailman server. +must contact the site administrator, or have shell access to your Mailman +server. """))) - doc.AddItem(_('See ')) + doc.AddItem(_('For information on installing via shell access, see ')) doc.AddItem(Link( 'http://wiki.list.org/x/jYA9', _('FAQ 4.48.')))
=== modified file 'Mailman/Defaults.py.in'
--- Mailman/Defaults.py.in 2011-05-01 16:21:29 +0000
+++ Mailman/Defaults.py.in 2011-05-23 09:32:37 +0000
@@ -901,6 +901,12 @@
 # log in as the member and make global changes.
 OWNERS_CAN_CHANGE_MEMBER_PASSWORDS = No
 
+# Set this variable to Yes to bypass anti-XSS checks on edits to the public
+# pages for lists. Set it to No if list owners aren't all trustworthy.
+# Yes allows a list owner to add javascript to the public HTML and
+# thereby expose users to cross-site scripting attacks.
+OWNERS_CAN_USE_FULL_HTML = No
+
 # Should held messages be saved on disk as Python pickles or as plain text?
 # The former is more efficient since we don't need to go through the
 # parse/generate roundtrip each time, but the latter might be preferred if you
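Review bot: With OWNERS_CAN_USE_FULL_HTML set, the new condition on the `if Utils.suspiciousHTML(code)` line lets HTML that the heuristic flagged be saved with no record that the check was bypassed, so the site administrator who enabled the switch has nothing to audit afterwards. Consider keeping the `Utils.suspiciousHTML(code)` test as the outer condition and, in the bypass branch, writing one log line (Mailman's `syslog` from Mailman.Logging.Syslog, if this module has it in scope) that names the list and the template, e.g. `syslog('error', 'OWNERS_CAN_USE_FULL_HTML: suspicious HTML accepted for list <list name>, template <template name>')` with the placeholders filled from the variables in scope here. The rejection branch itself is unchanged apart from wording and still points to the same FAQ link. The enclosing function starts before this hunk and continues after it.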
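Review bot: The comment above `OWNERS_CAN_USE_FULL_HTML = No` does not say that the switch is site-wide: it disables the suspicious-HTML check in the edithtml CGI for every list owner on the installation at once, and this change adds no per-list override, which is the fact an administrator weighing it needs first. I would add `# This is a site-wide setting with no per-list override; enable it only if every list owner on this server is trusted.` and name where it is consulted, e.g. `# Consulted by Mailman/Cgi/edithtml.py when a list owner saves a page.` Setting it back to No presumably does not re-check templates saved while it was Yes; if that is confirmed, a sentence saying so belongs here as well.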