[Rt-devel] Content type, in the history

Ruslan U. Zakirov Ruslan.Zakirov at acronis.com
Thu Jan 13 14:38:49 EST 2005


Patrick Rousseau-Mathieu wrote:
> I want to know if someone know where's the content type of the email receive
> via rt-mailgate is set (in the code) when we want to 
> watch the message in the history of the create ticket.
Ticket history is html page, result of the HTTP request. HTTP response 
has own content-type and it's text/html.

MIME message(email) is hierarchic tree of parts. Parts of the mail 
message has own content type. In tickets history you can see them 
inlined(text in the page) or not(via Download button).

RT 3.0.x can inline only text/plain parts. Patches and solutions exists 
that allow to show text/html parts.

RT 3.2.x inlines text/html by default.

But if mail part content type is text/html then it's not safe to inline 
original html into history page, because of security reason: Cross Site 
Scripting. RT converts original text/html into text/plain with 
HTML::Scrubber module and display it as text block.

See:
html/Ticket/Elements/ShowTransactionAttachments
html/Elements/ScrubHTML

> 
> I'd like to put this to: text/html and not text/plain.
> 
> Tnx
> _______________________________________________
> Rt-devel mailing list
> Rt-devel at lists.bestpractical.com
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel



More information about the Rt-devel mailing list