[Biojava-l] issues with mailman

Peter Cock p.j.a.cock at googlemail.com
Wed Aug 29 08:44:19 UTC 2012


On Wed, Aug 29, 2012 at 9:21 AM, ralf at ark.in-berlin.de
<ralf at ark.in-berlin.de> wrote:
> On Wed, Aug 29, 2012 at 09:00:00AM +0100, Peter Cock wrote:
>> On Wednesday, August 29, 2012, wrote:
>> > also Noscript complained about a "potential cross-site
>> > scripting (XSS) attempt from http://biojava.org"...
>>
>> Was that from an open-bio.org URL? It is actually
>> the same server for BioJava.org so I can imagine
>> how an apparent cross-site scripting attempt
>> might happen.
>
> The offending page:
> http://lists.open-bio.org/mailman/options/biojava-l
>
> Details:
> [NoScript XSS] Sanitized suspicious upload to
> [http://lists.open-bio.org/mailman/options/biojava-l] from
> [http://www.biojava.org/mailman/listinfo/biojava-l]: transformed into a
> download-only GET request.
>
> If this is a Noscript bug, give me a hint, I have no idea
> about such things.
>
> ralf

I think it is harmless, notice both these URLs work:
http://www.biojava.org/mailman/options/biojava-l
http://lists.open-bio.org/mailman/options/biojava-l
but they both submit the form to lists.open-bio.org.

So technically the Noscript warning is correct - if
you use the www.biojava.org address it is sending
the information to lists.open-bio.org (both are OBF
servers, although under different domain names).

Similarly you can send to this mailing list as
biojava-l at lists.open-bio.org or biojava-l at biojava.org.

Peter
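
Added example, not part of the original message and not Mailman's own code: a check that flags POST forms whose action resolves to a different origin than the page serving them, which is the situation the message describes. The sample markup is constructed, and `origin`, `FormCollector` and `cross_origin_posts` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) origin tuple of an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

class FormCollector(HTMLParser):
    """Collect (method, action) for every <form> start tag in a document."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            method = (a.get("method") or "get").upper()
            self.forms.append((method, a.get("action") or ""))

def cross_origin_posts(page_url, html):
    """Return resolved action URLs of POST forms that leave the page's origin."""
    collector = FormCollector()
    collector.feed(html)
    flagged = []
    for method, action in collector.forms:
        target = urljoin(page_url, action)  # an empty action resolves to the page itself
        if method == "POST" and origin(target) != origin(page_url):
            flagged.append(target)
    return flagged

# Constructed sample markup (not copied from the real page): the form carries an
# absolute action on lists.open-bio.org regardless of which host served it.
SAMPLE_HTML = """
<form method="POST" action="http://lists.open-bio.org/mailman/options/biojava-l">
  <input type="text" name="email">
  <input type="submit" value="Submit">
</form>
"""

if __name__ == "__main__":
    for page in ("http://www.biojava.org/mailman/options/biojava-l",
                 "http://lists.open-bio.org/mailman/options/biojava-l"):
        print(page, "->", cross_origin_posts(page, SAMPLE_HTML) or "same-origin")
```

Served from www.biojava.org the form is reported as a cross-origin POST; served from lists.open-bio.org the same markup is same-origin, and a relative action would be same-origin on either host.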


