[rt-users] displaying text/html in attachments

Jesse Vincent jesse at bestpractical.com
Tue Jul 17 11:43:09 EDT 2007 

On Jul 17, 2007, at 7:43 AM, Lars Kristiansen wrote:

> Hello!
> What is responsible for the text/html head for displayed attachments?
>
> Last month I installed rt-3.6.3_1 from ports on FreeBSD 6.2-R.
>
> This has been a success and we want to increase its use
> to include emails we get from a source that sends html-mails.
>
> In the beginning I did test the display link,
> which looks something like this on the display page:
> Download (untitled) <http://rt.master.local/Ticket/Attachment/ 
> 178/59/> [text/html 17.7k]
>
>
> But now it does not display as html anymore when clicked,
> and the head of the document says text/plain instead of text/html.
> The link still displays "text/html" though.
>

Right. That's to stop you from malicious javascript in html  
attachments when you display them.

Have a look in RT's config file for:

# if TrustHTMLAttachments is not defined, we will display them
# as text. This prevents malicious HTML and javascript from being
# sent in a request (although there is probably more to it than that)
Set($TrustHTMLAttachments , undef);


>
> Some dependencies have been updated during this month,
> and one of them is probarly the cause of this.
> These are the ports which are updated since rt was installed:
> $ pkg_glob -x '<rt' -R rt
> p5-XML-SAX-0.16
> p5-IO-Compress-Base-2.005
> p5-XML-RSS-1.31
> p5-Test-WWW-Mechanize-1.14
> p5-DBIx-DBSchema-0.33
> p5-Test-Inline-2.204
> p5-IO-Compress-Zlib-2.005
> p5-DBI-1.58
> p5-Log-Dispatch-2.18
> p5-DateTime-TimeZone-0.66.02
> p5-Net-1.21,1
> p5-Locale-Maketext-Lexicon-0.64
> p5-Compress-Raw-Zlib-2.005
> gd-2.0.35,1
> p5-Compress-Zlib-2.005
> p5-DateTime-0.38
> p5-File-Remove-0.36
> pkg-config-0.22
> p5-YAML-0.65
> rt-3.6.3_1
>
> Can somebody tell which of this updates is responsible?
> Hope I am being clear :-).
>
> Best regards,
> Lars
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly  
> Media. Buy a copy at http://rtbook.bestpractical.com
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20070717/7d60ee25/attachment.sig>

More information about the rt-users mailing list