
Re: [sympa-users] hyperlinks on list homepage stripped out by wwsympa?

Subject: The mailing list for listmasters using Sympa

  • From: David Verdin <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] hyperlinks on list homepage stripped out by wwsympa?
  • Date: Tue, 05 Apr 2011 12:15:18 +0200

Hi adam,

This is due to XSS protection being overenthusiastic. A large part of HTML is escaped in most of the user interface.
We're still trying to find a way to allow admins to tweak HTML escaping for their site.

Until then, you can still modify Sympa behaviour by modifying the code located in the 'create_xss_parser' sub in tools.pm:

The fragment :

    my $hss = HTML::StripScripts::Parser->new({
        Context  => 'Document',
        AllowSrc => 1,
        Rules    => {
            '*' => {
                src => '^http://'.&Conf::get_robot_conf($parameters{'robot'},'http_host'),
            },
        },
    });

Could become :

    my $hss = HTML::StripScripts::Parser->new({
        Context   => 'Document',
        AllowSrc  => 1,
        AllowHref => 1,    # keep href attributes such as <a href="...">
        Rules     => {
            '*' => {
                src => '^http://'.&Conf::get_robot_conf($parameters{'robot'},'http_host'),
            },
        },
    });

Regards,

David

P.S.: See http://search.cpan.org/~drtech/HTML-StripScripts-1.05/StripScripts.pm for further reading regarding XSS escaping configuration.

On 02/04/11 02:51, Adam Bernstein wrote:

Greetings, all.

HTML code in a list's homepage.tt2 like this:
  <a href="http://tech-underground.org">Tech Underground</a>

ends up in a Web browser (using View Source) as this:
  <a>Tech Underground</a>

I can't find anything in the docs about hyperlinks being stripped, and can't find where it might happen in the code, but I'm clearly missing something.  I've just noticed this now, running Sympa 6.4, so it probably happened in the upgrade from 5.3.4, or else from 6.3.

Do we just need to do something special for hyperlinks on those pages? Or can they not work at all for some known reason?  Or is it a bug?

Any help appreciated.

      adam

--
David Verdin
Comité réseau des universités

Due to the limitations of human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker
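
The option change discussed in the message above, as an added example that is not part of the original post or of Sympa's code: it builds the parser with and without `AllowHref` and reports, for each sample, whether an `href` attribute survives filtering. The host name `lists.example.org`, the helper names and the sample inputs are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example (not Sympa code): compare the stock create_xss_parser
# options with the AllowHref variant and see which links keep their href.
use strict;
use warnings;
use HTML::StripScripts::Parser;

# Assumption: stands in for Conf::get_robot_conf($robot, 'http_host').
my $http_host = 'lists.example.org';

# Hypothetical helper: same options as the fragments above, plus any extras.
sub build_parser {
    my (%extra) = @_;
    return HTML::StripScripts::Parser->new({
        Context  => 'Document',
        AllowSrc => 1,
        %extra,
        Rules    => { '*' => { src => '^http://' . $http_host } },
    });
}

# Hypothetical helper: 1 if the filtered output still has an href attribute.
sub href_survives {
    my ($parser, $html) = @_;
    my $clean = $parser->filter_html($html);
    return ($clean =~ /\bhref\s*=/i) ? 1 : 0;
}

# Constructed sample inputs: an ordinary link and a script-scheme link.
my @samples = (
    '<a href="http://tech-underground.org">Tech Underground</a>',
    '<a href="javascript:void(0)">script-scheme link</a>',
);

my %configs = (
    stock          => {},
    with_allowhref => { AllowHref => 1 },
);

for my $name (sort keys %configs) {
    for my $html (@samples) {
        # Fresh parser per input so no state carries over between runs.
        my $parser = build_parser(%{ $configs{$name} });
        my $verdict = href_survives($parser, $html) ? 'href kept' : 'href dropped';
        printf "%-15s %-13s %s\n", $name, $verdict, $html;
    }
}
```

Running it against the HTML::StripScripts version installed with your Sympa shows whether enabling `AllowHref` restores ordinary http links while script-scheme URLs are still filtered.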
