>>>>> "DH" == Donal Hunt <[EMAIL PROTECTED]> writes:
DH> hey everyone... DH> I was thinking of the security issues behind HTML encoded mail DH> and one of the things that you could do is strip out all DH> "<SCRIPT>" stuff automatically. Normal HTML mail shouldn't DH> generate it and it's one of the main ways of doing malicious DH> things when a user opens a mail. DH> Thoughts? In general, I'd prefer to keep Pipermail out of the business of groking HTML. The framework is certainly in place to farm such semantic filtering out to an external program. Would the lynx filter shown as an example do the trick? Also, HTML-escaping as a general rule should prevent <script> and other evil tags from getting to an archiver viewer, at the expense of human readability <wink>. v-----------------^^^^^^ A new Mozilla 1.0 tag which causes the whole application to scroll up into its title bar and then back down again, rapidly, as if it were blinking at you. -Barry _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers