Re: [RCD] http://trac.roundcube.net/ticket/1485789

2 Apr 2009


      Thomas Bruederli wrote:
...
This question should be asked to the original author of washtml. In
general I'd be conservative when it comes to html cleaning. We may
expand the list of allowed protocols but on the basis of a white list.
Protocols like file:// or others that invoke external apps are IMO
dangerous and should not be linked directly.
Just my 2 cents...
Ok, I can agree with you, but there's a related issue with html to text 
conversion. If you send html message with <a href="file://aaa">, the 
text part contains "http://mymail.domain.com/file://aaa" link on the 
list. If we're removing file's links in washtml, we should do the same 
in to text conversion. It's just not coherent.
-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
_______________________________________________
List info: http://lists.roundcube.net/dev/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCD] http://trac.roundcube.net/ticket/1485789