[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to keep Javascript intact?
Earl Hood wrote:
> See the MIMEARGS resource along with MIMEFILTERS.
Thanks Earl and Gunnar for the pointer.
I can now see Javascript in the archived message but the comments
within the script are still stripped out (please see below for an
explanation why the script + comments are not a risk in this case).
I can't figure out how to use both 'allowcomments' and 'allowscript'
in MIMEArgs. I tried
<MIMEArgs>
m2h_text_html::filter; allowscript allowcomments
</MIMEArgs>
and
<MIMEArgs>
m2h_text_html::filter; allowscript
m2h_text_html::filter; allowcomments
</MIMEArgs>
but neither preserves both the script and the comments within.
How do I enable both these arguments to the filter?
Also, should I add the default - m2h_external::filter; inline - to
the MIMEArgs or is it OK to include just the ones above?
> BTW, I would advise against using Javascript in HTML mail. Any
> security conscience user would have Javascript disabled for HTML mail,
> so any scripting you include in your message would be ineffective.
>
> Also, it is a security risk. If you must enable scripting, make
> sure you can trust all the people that are able to post to your
> list. Otherwise, you open up your archive to XSS exploits.
I should have clarified in my original post that this is a
newsletter i.e. only I can post to the list. Since it is a read-only
list, these security risks are not really a concern. On my
discussion list, I allow only plain-text email - no HTML, no
scripting and no attachments. Thanks for the concern though.
Regards,
Harshal
--
http://www.mumbai-central.com : Where Mumbaikars meet
---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mhonarc.org with the
message text UNSUBSCRIBE MHONARC-USERS
[Index of Archives]
[Bugtraq]
[Yosemite News]
[Mhonarc Home]