[Mailman-Users] attachments

Con Wieland cwieland at uci.edu
Wed Apr 16 18:28:50 CEST 2008


On Apr 15, 2008, at 4:07 PM, Mark Sapiro wrote:

> Con Wieland wrote:
>>
>> On Apr 15, 2008, at 2:58 PM, Mark Sapiro wrote:
>>
>>> Con Wieland wrote:
>>>
>>>> My questions are,  why am I getting the html attachments?
>>>
>>>
>>> Because the sender's MUA is sending them and your content filtering is
>>> either not on or is not removing HTML and not collapsing alternatives.
>>
>> Correct, it was not on for this example but when I turn it on and select:
>>
>> Remove message attachments that have a matching content type.    text/html
>>
>> I lose the pdf too. How can I configure it to just remove the text/html
>> and leave the text/plain and application/pdf?
>
>
> It depends on how you want to approach things. You can either specify
> what you want to accept and filter the rest, or specify what you don't
> want and accept the rest. This means you want to specify only one of
> filter_mime_types and pass_mime_types and the other should be empty.
>
> If you want to accept any text/plain parts from the message or an
> attached (forwarded as attachment) message and likewise for PDFs and
> not accept anything else, set filter_mime_types empty and
> pass_mime_types to
>
> multipart
> message/rfc822
> text/plain
> application/pdf

I must be missing something here because as soon as I turn on content
filtering, no matter what I try in pass_mime_types (with above) or
filter_mime_types, I lose everything but the text.

con


>
> If you want to accept everything except html, you would put text/html
> in filter_mime_types and leave pass_mime_types empty, but this is
> probably a very bad idea. The first problem that comes to mind is you
> will pass the plain text from a multipart alternative message and also
> pass the stationery background/watermark image file but remove the
> html that references the image leaving it as a simple attachment.
>
>
>>>> and why are they gibberish?
>>>
>>>
>>> They are not gibberish. They are HTML shown to you as raw rather than
>>> rendered HTML.
>>
>> Yes, gibberish was not the right word. But why aren't they rendered
>> when I click on the link? I am used to just being able to open the
>> link and have them rendered.
>
>
> Because you don't want a list member posting an HTML message with evil
> javascript and getting it stored as renderable html on your web site.
> There is an mm_cfg.py setting to allow this, but here's what we say
> about it in Defaults.py.
>
>> # This variable defines what happens to text/html subparts.  They can be
>> # stripped completely, escaped, or filtered through an external program.  The
>> # legal values are:
>> # 0 - Strip out text/html parts completely, leaving a notice of the removal in
>> #     the message.  If the outer part is text/html, the entire message is
>> #     discarded.
>> # 1 - Remove any embedded text/html parts, leaving them as HTML-escaped
>> #     attachments which can be separately viewed.  Outer text/html parts are
>> #     simply HTML-escaped.
>> # 2 - Leave it inline, but HTML-escape it
>> # 3 - Remove text/html as attachments but don't HTML-escape them. Note: this
>> #     is very dangerous because it essentially means anybody can send an HTML
>> #     email to your site containing evil JavaScript or web bugs, or other
>> #     nasty things, and folks viewing your archives will be susceptible.  You
>> #     should only consider this option if you do heavy moderation of your list
>> #     postings.
> <snip>
>> ARCHIVE_HTML_SANITIZER = 1
>
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-users/cwieland%40uci.edu
>
> Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
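
Added example, not part of the original thread and not Mailman's own code: a simplified Python model of the two approaches described above (a pass list versus a filter list), run over a constructed message. The function names and the sample message are assumptions; Mailman's real content filter does more, such as collapsing alternatives.

```python
from email.message import EmailMessage

# Pass list from the thread; a bare main type such as "multipart" matches any subtype.
PASS_MIME_TYPES = ["multipart", "message/rfc822", "text/plain", "application/pdf"]

def build_sample():
    """Constructed post: plain+HTML alternative, a stationery image, and a PDF."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain body")
    msg.add_alternative('<body background="cid:bg">html body</body>', subtype="html")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="bg.gif")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="doc.pdf")
    return msg

def matches(part, types):
    """True if the part's declared main type or full content type is listed."""
    return part.get_content_maintype() in types or part.get_content_type() in types

def prune(msg, pass_types=(), filter_types=()):
    """Drop subparts that match filter_types or, if pass_types is set, fail to match it."""
    if not msg.is_multipart():
        return msg
    kept = []
    for part in msg.get_payload():
        if filter_types and matches(part, filter_types):
            continue
        if pass_types and not matches(part, pass_types):
            continue
        kept.append(prune(part, pass_types, filter_types))
    msg.set_payload(kept)
    return msg

def surviving_types(msg):
    """Content types of the leaf parts that remain, in message order."""
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]

if __name__ == "__main__":
    print("original:   ", surviving_types(build_sample()))
    print("pass list:  ", surviving_types(prune(build_sample(),
                                                pass_types=PASS_MIME_TYPES)))
    # Filtering only text/html leaves the stationery image as a stray attachment.
    print("filter html:", surviving_types(prune(build_sample(),
                                                filter_types=["text/html"])))
```

The filter-list run shows the side effect mentioned in the reply: the HTML part is removed but the image it referenced stays behind as a plain attachment.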


