Am 05.10.2006 um 19:01 schrieb Emmanuel Blot: > The question has probably answered before, but what is the recommended > way from a Wiki page to create a link to an attached file which > contains HTML data, so that it gets rendered as any static HTML page > on the web browser ? > > I've used `[attachment:file.html?format=raw File]` however it seems > that Trac does not send the proper HTTP header (Content-Type ?), as > Firefox prompts the user to select an application to open the received > HTML file. > > (Trac 0.10)
That behavior is controlled by the render_unsafe_content option in trac.ini, which was introduced in Trac 0.9.3. The problem is that if Trac would send out attached HTML pages as-is by defaut, it'd be a relatively easy job for a user with "evil" intentions to hijack your session as soon as you view that page, and subsequently wreak havoc on your Trac site. It is recommended that render_unsafe_content is set to false if you have a public-facing Trac site, or you have enabled IP address checking on sessions (auth_check_ip IIRC, but that's a rather weak measure). Cheers, Chris -- Christopher Lenz cmlenz at gmx.de http://www.cmlenz.net/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users -~----------~----~----~----~------~----~------~--~---
