authorAndreas Gohr <andi@splitbrain.org>2007-02-24 14:16:23 +0100
committerAndreas Gohr <andi@splitbrain.org>2007-02-24 14:16:23 +0100
commit7aa3b10418d35b1d94565ef3f1b596ff34dd92c2 (patch)
treefd6f189912d34a9b5ddd6dae13b9ffae3b6afa9f /conf/mime.conf
parent26ceae189b2d0a31062ca1f26577545b78250281 (diff)
added some comments about new XSS protection to mime.conf
darcs-hash:20070224131623-7ad00-cd82685db94b50be942a6d71293010aa8fdabdfa.gz
Diffstat (limited to 'conf/mime.conf')
-rw-r--r--conf/mime.conf22
1 files changed, 14 insertions, 8 deletions
diff --git a/conf/mime.conf b/conf/mime.conf
index 058590a32..8b4142b79 100644
--- a/conf/mime.conf
+++ b/conf/mime.conf
@@ -17,14 +17,6 @@ ppt application/mspowerpoint
rtf application/msword
swf application/x-shockwave-flash
-# You should enable HTML and Text uploads only for restricted Wikis.
-# Spammers are known to upload spam pages through unprotected Wikis.
-#html text/html
-#htm text/html
-#txt text/plain
-#conf text/plain
-#xml text/xml
-
rpm application/octet-stream
deb application/octet-stream
@@ -40,3 +32,17 @@ odi application/vnd.oasis.opendocument.image
odp application/vnd.oasis.opendocument.presentation
ods application/vnd.oasis.opendocument.spreadsheet
odt application/vnd.oasis.opendocument.text
+
+# You should enable HTML and Text uploads only for restricted Wikis.
+# Spammers are known to upload spam pages through unprotected Wikis.
+# Note: Enabling HTML opens Cross Site Scripting vulnerabilities
+# through JavaScript. Only enable this with trusted users. You
+# need to disable the iexssprotect option additionally to
+# adding the mime type here
+#html text/html
+#htm text/html
+#txt text/plain
+#conf text/plain
+#xml text/xml
+
+
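Review bot: The new warning in the second hunk names only HTML, but the same commented-out block also offers `#xml text/xml`, and browsers can run script from XML served inline (XHTML-namespaced content, for instance), so an admin who uncomments only that line is not warned. I would widen the first line of the note to `# Note: Enabling HTML or XML uploads opens Cross Site Scripting vulnerabilities`. The sentence about `iexssprotect` also leaves two things unstated: where the option is set, and whether turning it off removes the check for every upload or only for these types. Presumably it is a global setting in the main configuration, which the diff does not show. If so, a line such as `# Disabling iexssprotect affects all uploaded files, not just the types listed here.` would let the reader judge the trade-off before enabling anything.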