On Wed, Apr 11, 2012 at 10:17:50AM +0700, Luong Bui Duc wrote: > I'm trying to set RT so it shows the HTML tables/hyperlinks directly in > Display ticket page. My RT_SiteConfig.pm includes PreferRichText & > TrustHTMLAttachments 1, but that only seems to work when user downloads > ticket as attachment. I edited some code in this file: > > /opt/rt4/share/html/Ticket/Elements/ShowTransactionAttachments > > uncommented these 2 lines: > > Line 209: #$content = $m->comp( '/Elements/ScrubHTML', Content => $content > ); > Line 230: #$content = $m->comp( '/Elements/ScrubHTML', Content => $content > ); > > This seems to do the trick, but interface of RT has changed too, now > buttons are underlined and labels are in blue color as hyperlinks. > > Please let me know what is the proper way to achieve this without breaking > RT?
You've now opened yourself up to a ton of attack vectors by removing the scrubbing. PreferRichText is the correct way to do what you want, if you need to allow certain pieces of HTML through that are currently scrubbed, you can cleanly add to the ScrubHTML method in Web.pm using the standard override techniques. -kevin
pgpqfHCBQiIuh.pgp
Description: PGP signature
