On 2015-06-08 7:52 AM, Barry Warsaw wrote:
On Jun 08, 2015, at 02:13 PM, Abhilash Raj wrote:
Postorius just queries the core via REST API the for the message and
dumps the message code in the "View". Probably we need to identify if
the message contains a text/html part and then render that
appropriately.
Although we do have to be careful not to provide a vector for malware
attacking list admins.
Indeed. We should use a known parser to defang anything we re-display
and absolutely positively not write a new one. There's probably
something suitable in django already.
Terri
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
