[rt-users] Show HTML tables in tickets

Kevin Falcone falcone at bestpractical.com
Thu Nov 29 12:00:36 EST 2012


On Thu, Nov 29, 2012 at 05:31:14PM +0100, Lukáš Loskot wrote:
> Could anyone point me how can I make my RT instalation show HTML tables in
> tickes.
> I have configured Set($PreferRichText, 1);

RT still scrubs HTML that could cause problems or allow a security
vulenrability.  You'll need to read about
http://bestpractical.com/rt/docs/latest/RT/Interface/Web.html#NewScrubber
if you'd like to allow other tags.

Keep in mind that allowing <table> and friends allows attackers to
inject fake history into your RT ticket display page.  Until the
scrubber is replaced with a full on parse that can detect that, I feel
compelled to warn about this :)

-kevin

> Still the tables in tickests are missing, but the text is html formated
> (colours, links, bolt, ......)
> 
> I have only found one related answer but it was old and didnt explained what
> was the issue or how to fix it.
> (http://www.gossamer-threads.com/lists/rt/users/94028)
> 
> 
> My instalation is RT 4.0.7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20121129/a583fd4f/attachment.sig>


More information about the rt-users mailing list