Message5179
There have been discussions on this in December 2014 on the devel ml.
Ralf wrote in the end:
"""
So we should
- check for valid mime-types on incoming attachments (either via
  web-interface or via mail)
  Can be realized as an auditor so that users can change the policy
  here. We should only rewrite clearly invalid mime-types at that point.
- have a whitelist of attachments that can safely be shipped to the
  browser. All mime-types not in the whitelist are shipped as
  application/octet-stream. My tests indicate that browsers will not
  display these attachments with this content-type, they only offer to
  download the file. The original code by Richard attempted this but
  failed on invalid mime-types for reasons indicated above.
I think the hardest part is coming up with a decent whitelist that
doesn't miss too many content-types in use out there.
But users can reconfigure the whitelist (and give feedback) so we can
converge to something usable.
"""
Should we make separate issues out of this?
| Date | User | Action | Args |
| 2015-01-05 15:50:38 | ber | set | messageid: <1420473038.65.0.673601112084.issue2550848@psf.upfronthosting.co.za> |
| 2015-01-05 15:50:38 | ber | set | recipients: + ber, schlatterbeck, rouilj, ezio.melotti |
| 2015-01-05 15:50:38 | ber | link | issue2550848 messages |
| 2015-01-05 15:50:37 | ber | create | |
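
The two checks from the quoted proposal (rewrite clearly invalid mime-types on ingest, ship anything outside the whitelist as application/octet-stream), as an added example that is not Roundup's code or part of the original message. The function names and the whitelist entries are assumptions chosen for illustration.

```python
import re

# type/subtype made of RFC 2045 token characters; parameters are stripped first.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_MIME_RE = re.compile(rf"{_TOKEN}/{_TOKEN}")

FALLBACK = "application/octet-stream"

# Constructed starting whitelist (assumption); the proposal expects sites to tune it.
SAFE_TO_DISPLAY = frozenset({
    "text/plain", "image/png", "image/jpeg", "image/gif", "application/pdf",
})


def normalize_mime_type(raw):
    """Ingest-time check: return a lowercase type/subtype, or FALLBACK
    when the supplied value is not a syntactically valid mime-type."""
    if not isinstance(raw, str):
        return FALLBACK
    base = raw.split(";", 1)[0].strip().lower()
    # fullmatch rejects embedded whitespace and line breaks anywhere in the value.
    if not _MIME_RE.fullmatch(base):
        return FALLBACK
    return base


def served_content_type(stored, whitelist=SAFE_TO_DISPLAY):
    """Serve-time check: only whitelisted types are sent under their own name.
    The stored value is re-validated so an invalid type saved earlier
    cannot make the lookup fail."""
    base = normalize_mime_type(stored)
    return base if base in whitelist else FALLBACK


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tracker.
    for value in ["image/png", "TEXT/PLAIN; charset=utf-8", "text/html",
                  "not a mime type", "", None]:
        print(repr(value), "->", served_content_type(value))
```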