Displaying text/html in attachments

Hello!
What is responsible for the text/html head for displayed attachments?

Last month I installed rt-3.6.3_1 from ports on FreeBSD 6.2-R.

This has been a success and we want to increase its use
to include emails we get from a source that sends html-mails.

In the beginning I did test the display link,
which looks something like this on the display page:
Download (untitled) http://rt.master.local/Ticket/Attachment/178/59/
[text/html 17.7k]

But now it does not display as html anymore when clicked,
and the head of the document says text/plain instead of text/html.
The link still displays “text/html” though.

Some dependencies have been updated during this month,
and one of them is probarly the cause of this.
These are the ports which are updated since rt was installed:
$ pkg_glob -x ‘<rt’ -R rt
p5-XML-SAX-0.16
p5-IO-Compress-Base-2.005
p5-XML-RSS-1.31
p5-Test-WWW-Mechanize-1.14
p5-DBIx-DBSchema-0.33
p5-Test-Inline-2.204
p5-IO-Compress-Zlib-2.005
p5-DBI-1.58
p5-Log-Dispatch-2.18
p5-DateTime-TimeZone-0.66.02
p5-Net-1.21,1
p5-Locale-Maketext-Lexicon-0.64
p5-Compress-Raw-Zlib-2.005
gd-2.0.35,1
p5-Compress-Zlib-2.005
p5-DateTime-0.38
p5-File-Remove-0.36
pkg-config-0.22
p5-YAML-0.65
rt-3.6.3_1

Can somebody tell which of this updates is responsible?
Hope I am being clear :-).

Best regards,
Lars

Hello!
What is responsible for the text/html head for displayed attachments?

Last month I installed rt-3.6.3_1 from ports on FreeBSD 6.2-R.

This has been a success and we want to increase its use
to include emails we get from a source that sends html-mails.

In the beginning I did test the display link,
which looks something like this on the display page:
Download (untitled) <http://rt.master.local/Ticket/Attachment/
178/59/> [text/html 17.7k]

But now it does not display as html anymore when clicked,
and the head of the document says text/plain instead of text/html.
The link still displays “text/html” though.

Right. That’s to stop you from malicious javascript in html
attachments when you display them.

Have a look in RT’s config file for:

if TrustHTMLAttachments is not defined, we will display them

as text. This prevents malicious HTML and javascript from being

sent in a request (although there is probably more to it than that)

Set($TrustHTMLAttachments , undef);

PGP.sig (186 Bytes)

Jesse Vincent wrote:

Hello!
What is responsible for the text/html head for displayed attachments?

Last month I installed rt-3.6.3_1 from ports on FreeBSD 6.2-R.

This has been a success and we want to increase its use
to include emails we get from a source that sends html-mails.

In the beginning I did test the display link,
which looks something like this on the display page:
Download (untitled)
http://rt.master.local/Ticket/Attachment/178/59/ [text/html 17.7k]

But now it does not display as html anymore when clicked,
and the head of the document says text/plain instead of text/html.
The link still displays “text/html” though.

Right. That’s to stop you from malicious javascript in html
attachments when you display them.

Have a look in RT’s config file for:

if TrustHTMLAttachments is not defined, we will display them

as text. This prevents malicious HTML and javascript from being

sent in a request (although there is probably more to it than that)

Set($TrustHTMLAttachments , undef);

Right!
Thank you kindly for helping a beginner.
I was too easily fooled by one users IE6 rendering text/plain as html.
And now I suddenly find this is also described in an appendix in the
book :-/

Thanks,
Lars