Re: How to keep Javascript intact?

2003-07-09 14:13:01
Earl Hood wrote:
See the MIMEARGS resource along with MIMEFILTERS.

Thanks Earl and Gunnar for the pointer.

I can now see Javascript in the archived message but the comments
within the script are still stripped out (please see below for an 
explanation why the script + comments are not a risk in this case). 
I can't figure out how to use both 'allowcomments' and 'allowscript' 
in MIMEArgs. I tried

m2h_text_html::filter; allowscript allowcomments


m2h_text_html::filter; allowscript 
m2h_text_html::filter; allowcomments

but neither preserves both the script and the comments within.

How do I enable both these arguments to the filter?

Also, should I add the default - m2h_external::filter; inline - to
the MIMEArgs or is it OK to include just the ones above?

BTW, I would advise against using Javascript in HTML mail.  Any
security conscience user would have Javascript disabled for HTML mail,
so any scripting you include in your message would be ineffective.

Also, it is a security risk.  If you must enable scripting, make
sure you can trust all the people that are able to post to your
list.  Otherwise, you open up your archive to XSS exploits.

I should have clarified in my original post that this is a 
newsletter i.e. only I can post to the list. Since it is a read-only
list, these security risks are not really a concern. On my 
discussion list, I allow only plain-text email - no HTML, no
scripting and no attachments. Thanks for the concern though.


-- : Where Mumbaikars meet

To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the

<Prev in Thread] Current Thread [Next in Thread>