From alec@alec.pl Thu Apr  2 10:54:51 2009
From: "A.L.E.C" <alec@alec.pl>
To: dev@lists.roundcube.net
Subject: Re: [RCD] http://trac.roundcube.net/ticket/1485789
Date: Thu, 02 Apr 2009 19:54:36 +0200
Message-ID: <49D4FBDC.5050801@alec.pl>
In-Reply-To: <793f54f40904010507mf2b9749rd97de6320b8b65fa@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5372171417456860879=="

--===============5372171417456860879==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Thomas Bruederli wrote:

> This question should be asked to the original author of washtml. In
> general I'd be conservative when it comes to html cleaning. We may
> expand the list of allowed protocols but on the basis of a white list.
> 
> Protocols like file:// or others that invoke external apps are IMO
> dangerous and should not be linked directly.
> 
> Just my 2 cents...

Ok, I can agree with you, but there's a related issue with html to text 
conversion. If you send html message with <a href="file://aaa">, the 
text part contains "http://mymail.domain.com/file://aaa" link on the 
list. If we're removing file's links in washtml, we should do the same 
in to text conversion. It's just not coherent.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
_______________________________________________
List info: http://lists.roundcube.net/dev/

--===============5372171417456860879==--