[rt-devel] attachments

J.D. Falk jdfalk at mail-abuse.org
Thu Jan 18 13:44:42 EST 2001

On 01/18/01, Christian Kurz <Christian.Kurz at planNET.de> wrote: 

> On 01-01-17 Jesse wrote:
> > I presume you're using the stripmime patch.  You'll want to add a regexp
> > to urlify http://foo...  in sub print_html in lib/rt/ui/web/support.pm
> Why function does print_html has? It only replaces to characters and so
> I commented it currently out, to get the URL highlighted. If this is not
> a good idea, would then please anybody explain why?

	Security.  Do you trust all your potential requestors to never
	send you e-mail with HTML redirects, pop-up windows, and the 
	like?  Ever think about javascript, etcetera?  At the very 
	least, any embedded HTML could mess up your view of RT.

J.D. Falk                   "The Internet isn't just a publishing medium or a
Product Manager                     medium for commerce, it's a social medium."
Mail Abuse Prevention System LLC                       -- Howard Rheingold

More information about the Rt-devel mailing list