[Mailman-Users] attachments
Con Wieland
cwieland at uci.edu
Wed Apr 16 18:28:50 CEST 2008
On Apr 15, 2008, at 4:07 PM, Mark Sapiro wrote:
> Con Wieland wrote:
>>
>> On Apr 15, 2008, at 2:58 PM, Mark Sapiro wrote:
>>
>>> Con Wieland wrote:
>>>
>>>> My questions are, why am I getting the html attachments?
>>>
>>>
>>> Because the sender's MUA is sending them and your content filtering is
>>> either not on or is not removing HTML and not collapsing alternatives.
>>
>> Correct, it was not on for this example, but when I turn it on and
>> select:
>>
>> Remove message attachments that have a matching content type. text/html
>>
>> I lose the pdf too. How can I configure it to just remove the text/html
>> and leave the text/plain and application/pdf?
>
>
> It depends on how you want to approach things. You can either specify
> what you want to accept and filter the rest, or specify what you don't
> want and accept the rest. This means you want to specify only one of
> filter_mime_types and pass_mime_types and the other should be empty.
>
> If you want to accept any text/plain parts from the message or an
> attached (forwarded as attachment) message and likewise for PDFs and
> not accept anything else, set filter_mime_types empty and
> pass_mime_types to
>
> multipart
> message/rfc822
> text/plain
> application/pdf

I must be missing something here because as soon as I turn on content
filtering, no matter what I try in pass_mime_types (with above) or
filter_mime_types, I lose everything but the text.

con

>
> If you want to accept everything except html, you would put text/html
> in filter_mime_types and leave pass_mime_types empty, but this is
> probably a very bad idea. The first problem that comes to mind is you
> will pass the plain text from a multipart alternative message and also
> pass the stationery background/watermark image file but remove the
> html that references the image leaving it as a simple attachment.
>
>
>>>> and why
>>>> are they jibberish?
>>>
>>>
>>> They are not gibberish. They are HTML shown to you as raw rather than
>>> rendered HTML.
>>
>> Yes, gibberish was not the right word. But why aren't they rendered
>> when I click on the link? I am used to just being able to open the
>> link and have them rendered.
>
>
> Because you don't want a list member posting an HTML message with evil
> javascript and getting it stored as renderable html on your web site.
> There is an mm_cfg.py setting to allow this, but here's what we say
> about it in Defaults.py.
>
>> # This variable defines what happens to text/html subparts. They can be
>> # stripped completely, escaped, or filtered through an external program. The
>> # legal values are:
>> # 0 - Strip out text/html parts completely, leaving a notice of the removal in
>> #     the message. If the outer part is text/html, the entire message is
>> #     discarded.
>> # 1 - Remove any embedded text/html parts, leaving them as HTML-escaped
>> #     attachments which can be separately viewed. Outer text/html parts are
>> #     simply HTML-escaped.
>> # 2 - Leave it inline, but HTML-escape it
>> # 3 - Remove text/html as attachments but don't HTML-escape them. Note: this
>> #     is very dangerous because it essentially means anybody can send an HTML
>> #     email to your site containing evil JavaScript or web bugs, or other
>> #     nasty things, and folks viewing your archives will be susceptible. You
>> #     should only consider this option if you do heavy moderation of your list
>> #     postings.
> <snip>
>> ARCHIVE_HTML_SANITIZER = 1
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
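
A simplified model of the pass_mime_types rule described in the quoted reply, added here as an illustration; it is not Mailman's code and not part of the original post. The helper names and the sample message are constructed, and the model ignores Mailman's other content-filtering options.

```python
from email.message import EmailMessage

# The pass list suggested in the thread above.
PASS_MIME_TYPES = ["multipart", "message/rfc822", "text/plain", "application/pdf"]


def build_sample(pdf_type="application/pdf"):
    """Constructed post: text/plain + text/html alternative, plus one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain body")
    msg.add_alternative("<p>html body</p>", subtype="html")
    maintype, subtype = pdf_type.split("/")
    msg.add_attachment(b"%PDF-1.4 constructed bytes", maintype=maintype,
                       subtype=subtype, filename="doc.pdf")
    return msg


def passes(part, pass_types):
    """An entry matches a full type (text/plain) or a bare main type (multipart)."""
    return (part.get_content_type() in pass_types
            or part.get_content_maintype() in pass_types)


def surviving_leaves(part, pass_types):
    """Content types of the leaf parts left after applying the pass list."""
    if not passes(part, pass_types):
        return []          # the part and everything nested in it is dropped
    if part.is_multipart():
        kept = []
        for sub in part.get_payload():
            kept.extend(surviving_leaves(sub, pass_types))
        return kept
    return [part.get_content_type()]


if __name__ == "__main__":
    # Full pass list: the HTML alternative is removed, text and PDF remain.
    print(surviving_leaves(build_sample(), PASS_MIME_TYPES))
    # Without "multipart" the outer container fails, so nothing is left.
    print(surviving_leaves(build_sample(), ["text/plain", "application/pdf"]))
    # An attachment declared as application/octet-stream does not match
    # application/pdf, whatever its filename says.
    print(surviving_leaves(build_sample("application/octet-stream"), PASS_MIME_TYPES))
```

The match is on the Content-Type the sending client declared for each part, so checking the raw headers of a test post shows which entries the list actually needs.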