On Apr 15, 2008, at 4:07 PM, Mark Sapiro wrote: > Con Wieland wrote: >> >> On Apr 15, 2008, at 2:58 PM, Mark Sapiro wrote: >> >>> Con Wieland wrote: >>> >>>> My questions are, why am I getting the html attachments? >>> >>> >>> Because the sender's MUA is sending them and your content >>> filtering is >>> either not on or is not removing HTML and not collapsing >>> alternatives. >> >> Correct it was not on for this example but when I turn it on and >> select: >> >> Remove message attachments that have a matching content type. >> text/ >> html >> >> I lose the pdf too. How can I configure it to just remove the text/ >> html and leave the text/plain and application/pdf ? > > > It depends on how you want to approach things. You can either specify > what you want to accept and filter the rest, or specify what you don't > want and accept the rest. This means you want to specify only one of > filter_mime_types and pass_mime_types and the other should be empty. > > If you want to accept any text/plain parts from the message or an > attached (forwarded as attachment) message and likewise for PDFs and > not accept anything else, set filter_mime_types empty and > pass_mime_types to > > multipart > message/rfc822 > text/plain > application/pdf
I must be missing something here because as soon as I turn on content filtering no matter what I try in pass_mime_types (with above) or filter_mime_types, I lose everything but the text con > > If you want to accept everything except html, you would put text/html > in filter_mime_types and leave pass_mime_types empty, but this is > probably a very bad idea. The first problem that comes to mind is you > will pass the plain text from a multipart alternative message and also > pass the stationery background/watermark image file but remove the > html that references the image leaving it as a simple attachment. > > >>>> and why >>>> are they jibberish? >>> >>> >>> They are not gibberish. They are HTML shown to you as raw rather >>> than >>> rendered HTML. >> >> Yes, gibberish was not the right word. But why aren't they rendered >> when I click on the link. I am used to just being able to open the >> link and have them rendered. > > > Because you don't want a list member posting an HTML message with evil > javascript and getting it stored as renderable html on your web site. > There is an mm_cfg.py setting to allow this, but here's what we say > about it in Defaults.py. > >> # This variable defines what happens to text/html subparts. They >> can be >> # stripped completely, escaped, or filtered through an external >> program. The >> # legal values are: >> # 0 - Strip out text/html parts completely, leaving a notice of >> the removal in >> # the message. If the outer part is text/html, the entire >> message is >> # discarded. >> # 1 - Remove any embedded text/html parts, leaving them as HTML- >> escaped >> # attachments which can be separately viewed. Outer text/html >> parts are >> # simply HTML-escaped. >> # 2 - Leave it inline, but HTML-escape it >> # 3 - Remove text/html as attachments but don't HTML-escape them. >> Note: this >> # is very dangerous because it essentially means anybody can >> send an HTML >> # email to your site containing evil JavaScript or web bugs, >> or other >> # nasty things, and folks viewing your archives will be >> susceptible. You >> # should only consider this option if you do heavy moderation >> of your list >> # postings. > <snip> >> ARCHIVE_HTML_SANITIZER = 1 > > -- > Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > ------------------------------------------------------ > Mailman-Users mailing list > [email protected] > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py > Searchable Archives: http://www.mail-archive.com/mailman-users% > 40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman-users/ > cwieland%40uci.edu > > Security Policy: http://www.python.org/cgi-bin/faqw-mm.py? > req=show&file=faq01.027.htp ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
