Inline screenshots

On the RT Demo site you can paste screenshots into the ticket, like this:
http://dl.dropbox.com/u/7981096/rtticket.png

But when you submit the ticket the inline screenshot goes away. If you click
the download link you get the raw html showing <img alt=“”
src="data:image/png;base64,iVBORw.

Now, if you ATTACH a screenshot, that does show inline.

With all of that said about the demo site, on my clean install of RT 4.0.5,
I can’t even paste the screenshot in.

Is there a way to get inline screenshots working? The kind of problems we
are tracking will require multiple screenshots for the ticket and to have
them have to save each screenshot and attach them would really defeat the
purpose of streamlining the process.

Thank you

Hi rt-users,

I got this working in RT 3.8.8 with modifying /Elements/SrubHTML to
authorize IMG elements and src attribute. After that you can see
inline images in ticket history.
In RT4, SrubHTML have been moved to /RT/Interface/Web.pm

Rémi2012/5/10 rosewood@gmx.de:

On the RT Demo site you can paste screenshots into the ticket, like this:
http://dl.dropbox.com/u/7981096/rtticket.png

But when you submit the ticket the inline screenshot goes away. If you click
the download link you get the raw html showing <img alt=“”
src="data:image/png;base64,iVBORw.

Now, if you ATTACH a screenshot, that does show inline.

With all of that said about the demo site, on my clean install of RT 4.0.5,
I can’t even paste the screenshot in.

Is there a way to get inline screenshots working? The kind of problems we
are tracking will require multiple screenshots for the ticket and to have
them have to save each screenshot and attach them would really defeat the
purpose of streamlining the process.

Thank you

I got this working in RT 3.8.8 with modifying /Elements/SrubHTML to
authorize IMG elements and src attribute. After that you can see
inline images in ticket history.
In RT4, SrubHTML have been moved to /RT/Interface/Web.pm

In RT4, I did this:

— Web.pm.old 2012-07-19 13:31:31.220050969 -0700
+++ Web.pm 2012-07-19 13:32:10.034169941 -0700
@@ -2867,7 +2867,7 @@
);
$scrubber->deny(qw[*]);
$scrubber->allow(

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE 
    

H1 H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE]

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE 
    

H1 H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE IMG SRC]
);
$scrubber->comment(0);

But if I include a link to an image in a ticket, all I get is the URL
displayed as text:

Does the message need to be formatted as HTML to begin with?

Florin Andrei
http://florin.myip.org/

In RT4, I did this:

— Web.pm.old 2012-07-19 13:31:31.220050969 -0700
+++ Web.pm 2012-07-19 13:32:10.034169941 -0700
@@ -2867,7 +2867,7 @@
);
$scrubber->deny(qw[*]);
$scrubber->allow(

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE
    

H1 H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE]

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE
    

H1 H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE IMG SRC]
);
$scrubber->comment(0);

But if I include a link to an image in a ticket, all I get is the URL
displayed as text:

Custom Application Development Software for Business - Salesforce.com

Does the message need to be formatted as HTML to begin with?

Oh wait, someone else sent an email from Outlook, formatted as HTML, and
it does look like the image link is displayed online then. So I guess
that’s the requirement. RT4 won’t display it inline if the original
email was plain text (which makes sense, duh).

Florin Andrei
http://florin.myip.org/

I got this working in RT 3.8.8 with modifying /Elements/SrubHTML to
authorize IMG elements and src attribute. After that you can see
inline images in ticket history.
In RT4, SrubHTML have been moved to /RT/Interface/Web.pm

In RT4, I did this:

— Web.pm.old 2012-07-19 13:31:31.220050969 -0700
+++ Web.pm 2012-07-19 13:32:10.034169941 -0700
@@ -2867,7 +2867,7 @@
);
$scrubber->deny(qw[*]);
$scrubber->allow(

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE H1
    

H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE]

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE H1
    

H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE IMG SRC]
);
$scrubber->comment(0);

But if I include a link to an image in a ticket, all I get is the URL
displayed as text:

Custom Application Development Software for Business - Salesforce.com

Does the message need to be formatted as HTML to begin with?

Note that such change introduces security vulnerability that is easily
exploitable. People can insert URLs into img’s src attribute that
point to RT itself and do some actions on behalf of the user who is
looking at the ticket.


Florin Andrei
http://florin.myip.org/

Best regards, Ruslan.

I got this working in RT 3.8.8 with modifying /Elements/SrubHTML to
authorize IMG elements and src attribute. After that you can see
inline images in ticket history.
In RT4, SrubHTML have been moved to /RT/Interface/Web.pm

In RT4, I did this:

— Web.pm.old 2012-07-19 13:31:31.220050969 -0700
+++ Web.pm 2012-07-19 13:32:10.034169941 -0700
@@ -2867,7 +2867,7 @@
);
$scrubber->deny(qw[*]);
$scrubber->allow(

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE H1
    

H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE]

  •    qw[A B U P BR I HR BR SMALL EM FONT SPAN STRONG SUB SUP STRIKE H1
    

H2 H3 H4 H5 H6 DIV UL OL LI DL DT DD PRE BLOCKQUOTE IMG SRC]
);
$scrubber->comment(0);

But if I include a link to an image in a ticket, all I get is the URL
displayed as text:

Custom Application Development Software for Business - Salesforce.com

Does the message need to be formatted as HTML to begin with?

Note that such change introduces security vulnerability that is easily
exploitable. People can insert URLs into img’s src attribute that
point to RT itself and do some actions on behalf of the user who is
looking at the ticket.

In my case I tweek a little more the scrubber to avoid (reduce)
security issues,
the only thing I wanted is the ability to paste en image in the
CKeditor (<img src="data:image/png;base64… />)
this do the trick after the $scriubber->allow() call.

$scrubber->rules(
img => {
src => qr{^data:image}i,
alt => 1,
‘*’ => 0,
},
);

Rémi

In my case I tweek a little more the scrubber to avoid (reduce)
security issues,
the only thing I wanted is the ability to paste en image in the
CKeditor (<img src="data:image/png;base64… />)
this do the trick after the $scriubber->allow() call.

$scrubber->rules(
img => {
src => qr{^data:image}i,
alt => 1,
’*’ => 0,
},
);

In 4.0.6, you can configure this with a clean local overlay and not have
to patch any core RT code. Things to look forward to when you upgrade. :wink:

good afternoon,

Could you tell us what local variable you mean?
there isn’t the release note for the 4.0.6 in the web page.

Thomas Sibley wrote:

In my case I tweek a little more the scrubber to avoid (reduce)
security issues,
the only thing I wanted is the ability to paste en image in the
CKeditor ( "data:image/png;base64… )
this do the trick after the $scriubber->allow() call.

$scrubber->rules(
img => {
src => qr{^data:image}i,
alt => 1,
‘*’ => 0,
},
);

In 4.0.6, you can configure this with a clean local overlay and not have
to patch any core RT code. Things to look forward to when you upgrade. :wink:

View this message in context: http://old.nabble.com/Inline-screenshots-tp33824848p34200036.html

Could you tell us what local variable you mean?

Local overlay, not variable. Something like the following (untested)
dropped into /opt/rt4/local/lib/RT/Interface/Web_Local.pm:

use strict;
use warnings;
package HTML::Mason::Commands;
our %SCRUBBER_RULES;
$SCRUBBER_RULES{img} = {
src => qr{^data:image/}i,
alt => 1,
‘*’ => 0,
};
1;

In 4.2 we should have most images displayed inline the message body by
default.

there isn’t the release note for the 4.0.6 in the web page.

Yeah, we really should get the release notes up on the main website.
They are archived from the mailing list:
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html