[rt-devel] attachments

Jesse jesse at fsck.com
Thu Jan 18 13:35:47 EST 2001

Without print_html,  

From: <jesse at fsck.com> would appear in your browser as From: 

and users would be able to send javascript in their email which could
be used to, among other things, attack RT.


On Thu, Jan 18, 2001 at 11:00:14AM +0100, Christian Kurz wrote:
> On 01-01-17 Jesse wrote:
> > I presume you're using the stripmime patch.  You'll want to add a regexp
> > to urlify http://foo...  in sub print_html in lib/rt/ui/web/support.pm
> Why function does print_html has? It only replaces to characters and so
> I commented it currently out, to get the URL highlighted. If this is not
> a good idea, would then please anybody explain why?
> Ciao
>      Christian
> -- 
> Christian Kurz                                   http://www.planNET.de
> planNET Systems GmbH                            mailto:info at planNET.de
> Schoenfeldstr. 8                              Telefon: +49 721 66 36 0
> D-76131 Karlsruhe                           Telefax: +49 721 66 36 199 
> _______________________________________________
> Rt-devel mailing list
> Rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel

jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com 
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

autoconf is your friend until it mysteriously stops working, at which 
point it is a snarling wolverine attached to your genitals by its teeth
 (that said, it's better than most of the alternatives)  -- Nathan Mehl

More information about the Rt-devel mailing list