Ok Chris, thanks for your detailed answer.

BTW, I never noticed it before today, but the usage of the [[TracIni]] macro prevents searching for any Trac configuration option (*) from the Trac Search engine, as the macro execution results are not stored in the DB...

*: at least, any option that did not exist in 0.9 or before

Cheers,
Manu

On 10/5/06, Christopher Lenz <[EMAIL PROTECTED]> wrote:
>
> On 05.10.2006 at 19:01, Emmanuel Blot wrote:
> > The question has probably been answered before, but what is the recommended
> > way from a Wiki page to create a link to an attached file which
> > contains HTML data, so that it gets rendered as any static HTML page
> > on the web browser?
> >
> > I've used `[attachment:file.html?format=raw File]` however it seems
> > that Trac does not send the proper HTTP header (Content-Type ?), as
> > Firefox prompts the user to select an application to open the received
> > HTML file.
> >
> > (Trac 0.10)
>
> That behavior is controlled by the render_unsafe_content option in
> trac.ini, which was introduced in Trac 0.9.3.
>
> The problem is that if Trac would send out attached HTML pages as-is
> by default, it'd be a relatively easy job for a user with "evil"
> intentions to hijack your session as soon as you view that page, and
> subsequently wreak havoc on your Trac site.
>
> It is recommended that render_unsafe_content is set to false if you
> have a public-facing Trac site, or you have enabled IP address
> checking on sessions (auth_check_ip IIRC, but that's a rather weak
> measure).
>
> Cheers,
> Chris
> --
> Christopher Lenz
> cmlenz at gmx.de
> http://www.cmlenz.net/

--
Manu
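An added example, not part of the original thread and not Trac's own code: a small audit that reads a trac.ini and reports where render_unsafe_content is switched on, so a public-facing site can be checked before HTML attachments are served inline. The section names ([attachment], [browser]), the accepted "true" spellings and the sample file are assumptions constructed for illustration.

```python
import configparser

OPTION = "render_unsafe_content"
# Assumption: the trac.ini sections that carry this option.
SECTIONS = ("attachment", "browser")
# Assumption: spellings treated as "true" for a boolean option.
TRUTHY = {"1", "true", "yes", "on", "enabled"}


def audit_trac_ini(text):
    """Return {section: 'unsafe' | 'safe' | 'default'} for the option."""
    # interpolation=None: trac.ini values may contain literal '%' characters.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    result = {}
    for section in SECTIONS:
        if not cp.has_option(section, OPTION):
            result[section] = "default"  # option absent: Trac's default applies
        elif cp.get(section, OPTION).strip().lower() in TRUTHY:
            result[section] = "unsafe"   # uploaded HTML is rendered by the browser
        else:
            result[section] = "safe"     # browser is told to download the file
    return result


def findings(text):
    """Sections where untrusted HTML would be rendered in the site's origin."""
    return sorted(s for s, state in audit_trac_ini(text).items() if state == "unsafe")


# Constructed sample configuration (not taken from a real site).
SAMPLE = """\
[attachment]
max_size = 262144
render_unsafe_content = Yes

[browser]
render_unsafe_content = false

[trac]
base_url = http://trac.example.org/
"""

if __name__ == "__main__":
    for section, state in audit_trac_ini(SAMPLE).items():
        print(f"[{section}] {OPTION}: {state}")
```
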
