[Bug 1196403] [NEW] HTML page editor not accepting reasonable meta tags
James Hare
james.hare at wikidc.org
Mon Jul 1 07:29:31 CEST 2013
Public bug reported:
I have administrative access to a mailing list but not shell access, so
if I want to edit the HTML for a mailing list information page I can
only do so through the page editing interface. Recently I've discovered
that if I try adding meta tags to a page, the software rejects them as
suspicious:
"The page you saved contains suspicious HTML that could potentially
expose your users to cross-site scripting attacks. This change has
therefore been rejected. If you still want to make these changes, you
must have shell access to your Mailman server."
While meta tags could be a potential vector for XSS attacks, I do think
an exception can be made for tags that do things like define character
encoding or the viewport (for mobile users).
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1196403
Title:
HTML page editor not accepting reasonable meta tags
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1196403/+subscriptions
More information about the Mailman-coders
mailing list