[rt-devel] text/html -> text/plain cleverness.
Jesse Vincent
jesse at bestpractical.com
Fri Feb 28 11:57:26 EST 2003
So, the reason that change is there is to stop a cross-site scripting
attack. What advantages do you have displaying a message/rfc822 as
text/plain?
On Fri, Feb 28, 2003 at 12:55:58PM +0000, J. Sloan wrote:
>
> I note that 2.1.76 now has the variable $TrustHTMLAttachments defined in
> the config file. I discovered it independantly since it saved me having
> to port one of my local modifications.
>
> However the modification I made translates message/rfc822 type attachments
> as well.
>
> Is there scope for a changing this from a boolean variable to a list of
> mime types to transform?
>
> Thanks.
>
> John
>
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.
More information about the Rt-devel
mailing list