[rt-devel] attachments
Jesse
jesse at fsck.com
Thu Jan 18 13:35:47 EST 2001
Without print_html,
From: <jesse at fsck.com> would appear in your browser as From:
and users would be able to send javascript in their email which could
be used to, among other things, attack RT.
-j
On Thu, Jan 18, 2001 at 11:00:14AM +0100, Christian Kurz wrote:
> On 01-01-17 Jesse wrote:
> > I presume you're using the stripmime patch. You'll want to add a regexp
> > to urlify http://foo... in sub print_html in lib/rt/ui/web/support.pm
>
> What function does print_html have? It only replaces two characters and so
> I have currently commented it out, to get the URL highlighted. If this is not
> a good idea, would anybody please explain why?
>
> Ciao
> Christian
> --
> Christian Kurz http://www.planNET.de
> planNET Systems GmbH mailto:info at planNET.de
> Schoenfeldstr. 8 Telefon: +49 721 66 36 0
> D-76131 Karlsruhe Telefax: +49 721 66 36 199
>
--
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90
autoconf is your friend until it mysteriously stops working, at which
point it is a snarling wolverine attached to your genitals by its teeth
(that said, it's better than most of the alternatives) -- Nathan Mehl
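
The ordering discussed in this thread, as an added Perl sketch that is not RT's print_html and not code from either poster: HTML metacharacters are escaped on every piece of the message, and link markup is added only around pieces that have already been escaped. The sub names and the sample message are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not RT code): neutralise HTML metacharacters.
sub escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;    # must run first, or later entities get re-escaped
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Hypothetical helper (not RT code): escape everything, link only URLs.
sub escape_and_urlify {
    my ($text) = @_;

    # The capturing group makes split return the URLs as well, so the
    # list alternates: plain text, URL, plain text, URL, ...
    my @parts = split m{(\bhttps?://[^\s<>"']+)}, $text;

    my $out = '';
    for my $i (0 .. $#parts) {
        # Every piece is escaped, URL or not, before any markup is added.
        my $safe = escape_html($parts[$i]);
        $out .= $i % 2
            ? qq{<a href="$safe">$safe</a>}    # odd index: a matched URL
            : $safe;                           # even index: plain text
    }
    return $out;
}

# Constructed sample message body, not taken from a real ticket.
my $mail = <<'EOT';
From: <jesse@example.com>
Docs are at http://example.com/rt?a=1&b=2 for now.
<script>alert(1)</script>
EOT

print escape_and_urlify($mail);
```

Because the URL pattern is applied to the raw text and each piece is escaped separately, an `&` inside a query string becomes `&amp;` in both the `href` and the link text, and the angle brackets around the address and the script tag reach the browser as text.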