[rt-users] Show HTML tables in tickets
Russell Jones
russell at jonesmail.me
Thu Dec 6 12:20:26 EST 2012
On 11/29/2012 11:00 AM, Kevin Falcone wrote:
> On Thu, Nov 29, 2012 at 05:31:14PM +0100, Lukáš Loskot wrote:
>> Could anyone point me how can I make my RT instalation show HTML tables in
>> tickes.
>> I have configured Set($PreferRichText, 1);
> RT still scrubs HTML that could cause problems or allow a security
> vulenrability. You'll need to read about
> http://bestpractical.com/rt/docs/latest/RT/Interface/Web.html#NewScrubber
> if you'd like to allow other tags.
>
> Keep in mind that allowing <table> and friends allows attackers to
> inject fake history into your RT ticket display page. Until the
> scrubber is replaced with a full on parse that can detect that, I feel
> compelled to warn about this :)
>
> -kevin
Hi all,
Just ran into this issue as well - was attempting to make a table using
the built-in rich text editor. Submit the ticket and the table is lost.
I followed the page you provided Kevin with no change in the behavior. I
also cleared the mason cache just to make sure but it still shows both
my old tickets with the table gone, as well as any new ones I make.
Am I missing something on how to implement this?
More information about the rt-users
mailing list