[rt-users] Show HTML tables in tickets

Russell Jones russell at jonesmail.me
Thu Dec 6 12:20:26 EST 2012


On 11/29/2012 11:00 AM, Kevin Falcone wrote:
> On Thu, Nov 29, 2012 at 05:31:14PM +0100, Lukáš Loskot wrote:
>> Could anyone point me how can I make my RT instalation show HTML tables in
>> tickes.
>> I have configured Set($PreferRichText, 1);
> RT still scrubs HTML that could cause problems or allow a security
> vulenrability.  You'll need to read about
> http://bestpractical.com/rt/docs/latest/RT/Interface/Web.html#NewScrubber
> if you'd like to allow other tags.
>
> Keep in mind that allowing <table> and friends allows attackers to
> inject fake history into your RT ticket display page.  Until the
> scrubber is replaced with a full on parse that can detect that, I feel
> compelled to warn about this :)
>
> -kevin


Hi all,

Just ran into this issue as well - was attempting to make a table using 
the built-in rich text editor. Submit the ticket and the table is lost.

I followed the page you provided Kevin with no change in the behavior. I 
also cleared the mason cache just to make sure but it still shows both 
my old tickets with the table gone, as well as any new ones I make.

Am I missing something on how to implement this?




More information about the rt-users mailing list