Earl Hood wrote: > See the MIMEARGS resource along with MIMEFILTERS. Thanks Earl and Gunnar for the pointer.
I can now see Javascript in the archived message but the comments within the script are still stripped out (please see below for an explanation why the script + comments are not a risk in this case). I can't figure out how to use both 'allowcomments' and 'allowscript' in MIMEArgs. I tried <MIMEArgs> m2h_text_html::filter; allowscript allowcomments </MIMEArgs> and <MIMEArgs> m2h_text_html::filter; allowscript m2h_text_html::filter; allowcomments </MIMEArgs> but neither preserves both the script and the comments within. How do I enable both these arguments to the filter? Also, should I add the default - m2h_external::filter; inline - to the MIMEArgs or is it OK to include just the ones above? > BTW, I would advise against using Javascript in HTML mail. Any > security conscience user would have Javascript disabled for HTML mail, > so any scripting you include in your message would be ineffective. > > Also, it is a security risk. If you must enable scripting, make > sure you can trust all the people that are able to post to your > list. Otherwise, you open up your archive to XSS exploits. I should have clarified in my original post that this is a newsletter i.e. only I can post to the list. Since it is a read-only list, these security risks are not really a concern. On my discussion list, I allow only plain-text email - no HTML, no scripting and no attachments. Thanks for the concern though. Regards, Harshal -- http://www.mumbai-central.com : Where Mumbaikars meet --------------------------------------------------------------------- To sign-off this list, send email to [EMAIL PROTECTED] with the message text UNSUBSCRIBE MHONARC-USERS