[rt-devel] attachments
J.D. Falk
jdfalk at mail-abuse.org
Thu Jan 18 13:44:42 EST 2001
On 01/18/01, Christian Kurz <Christian.Kurz at planNET.de> wrote:
> On 01-01-17 Jesse wrote:
> > I presume you're using the stripmime patch. You'll want to add a regexp
> > to urlify http://foo... in sub print_html in lib/rt/ui/web/support.pm
>
> Why function does print_html has? It only replaces to characters and so
> I commented it currently out, to get the URL highlighted. If this is not
> a good idea, would then please anybody explain why?
Security. Do you trust all your potential requestors to never
send you e-mail with HTML redirects, pop-up windows, and the
like? Ever think about javascript, etcetera? At the very
least, any embedded HTML could mess up your view of RT.
--
J.D. Falk "The Internet isn't just a publishing medium or a
Product Manager medium for commerce, it's a social medium."
Mail Abuse Prevention System LLC -- Howard Rheingold
More information about the Rt-devel
mailing list