solved: Re: [rt-users] displaying text/html in attachments

Lars Kristiansen lars+lister.rt at adventuras.no
Tue Jul 17 12:29:53 EDT 2007


Jesse Vincent wrote:
>
> On Jul 17, 2007, at 7:43 AM, Lars Kristiansen wrote:
>
>> Hello!
>> What is responsible for the text/html head for displayed attachments?
>>
>> Last month I installed rt-3.6.3_1 from ports on FreeBSD 6.2-R.
>>
>> This has been a success and we want to increase its use
>> to include emails we get from a source that sends html-mails.
>>
>> In the beginning I did test the display link,
>> which looks something like this on the display page:
>> Download (untitled) 
>> <http://rt.master.local/Ticket/Attachment/178/59/> [text/html 17.7k]
>>
>>
>> But now it does not display as html anymore when clicked,
>> and the head of the document says text/plain instead of text/html.
>> The link still displays "text/html" though.
>>
>
> Right. That's to stop you from malicious javascript in html 
> attachments when you display them.
>
> Have a look in RT's config file for:
>
> # if TrustHTMLAttachments is not defined, we will display them
> # as text. This prevents malicious HTML and javascript from being
> # sent in a request (although there is probably more to it than that)
> Set($TrustHTMLAttachments , undef);

Right!
Thank you kindly for helping a beginner.
I was too easily fooled by one users IE6 rendering text/plain as html.
And now I suddenly find this is also described in an appendix in the
book :-/

Thanks,
Lars





More information about the rt-users mailing list