John Fleming wrote:
>
>OK, I got it to work like I want. Is there a security risk to doing the
>footer this way?

No. There's no security issue. Just the issue of an update from the web page undoing what you've done.

The security issue is protecting against a malicious list administrator perpetrating attacks by entering scripts into attribute boxes. For general information about this kind of attack, try http://www.google.com/search?q=XSS

Mailman protects against this by escaping all HTML tag-like stuff that's entered in these web forms. There's no issue with putting the unescaped characters in via config_list since only a trusted site administrator can do this, and presumably won't put in any villainous stuff.

--
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
http://mail.python.org/mailman/listinfo/mailman-users
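
The two update paths described in the reply above, as an added example that is not part of the original message and is not Mailman's own code. The class, method names and rendering step are a hypothetical, simplified model, and the sample values are constructed.

```python
import html


# Hypothetical model of the trust boundary described above; these names
# are illustrative and are not Mailman classes or functions.
class ListSettings:
    def __init__(self):
        self.attrs = {}

    def set_from_web_form(self, name, value):
        # Untrusted path: a list administrator typed this into a web form,
        # so tag-like characters are escaped before the value is stored.
        self.attrs[name] = html.escape(value, quote=True)

    def set_from_config_list(self, name, value):
        # Trusted path: only the site administrator can run this, so the
        # value is stored exactly as given, markup included.
        self.attrs[name] = value

    def render(self, name):
        # Assumption: the stored value is placed into a page unchanged.
        return '<div class="footer">%s</div>' % self.attrs.get(name, "")


def demo():
    settings = ListSettings()
    hostile = '<script>alert("x")</script>'               # constructed input
    trusted = '<a href="http://example.org/">Home</a>'    # constructed input

    # 1. Script entered through the web form is stored inert.
    settings.set_from_web_form("footer", hostile)
    escaped_page = settings.render("footer")

    # 2. Markup set by the site administrator is kept as real markup.
    settings.set_from_config_list("footer", trusted)
    raw_page = settings.render("footer")

    # 3. A later save of the same text through the web form escapes it,
    #    which undoes the site administrator's change.
    settings.set_from_web_form("footer", trusted)
    undone_page = settings.render("footer")

    return escaped_page, raw_page, undone_page


if __name__ == "__main__":
    for page in demo():
        print(page)
```
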
