[request-tracker-maintainers] HTML::Gumbo debian packaging
Dominic Hargreaves
dom at earth.li
Thu Apr 6 11:33:13 UTC 2017
On Thu, Apr 06, 2017 at 01:02:44AM +0300, Max Kosmach wrote:
> Does anybody plan to package HTML::Gumbo ?
> With this module RT4.4 shows HTML emails better.
>
> libgumbo already in Debian now and HTML::Gumbo package successfully builds via cpan2deb
>
> PS. There is old RFP/ITP: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781380
Quoting from the RT::Config POD:
"By default, RT shows rich text (HTML) messages if possible. If
C<$PreferRichText> is set to 0, RT will show plain text messages in
preference to any rich text alternatives.
As a security precaution, RT limits the HTML that is displayed to a
known-good subset -- as allowing arbitrary HTML to be displayed exposes
multiple vectors for XSS and phishing attacks. If
L</$TrustHTMLAttachments> is enabled, the original HTML is available for
viewing via the "Download" link.
If the optional L<HTML::Gumbo> dependency is installed, RT will leverage
this to allow a broader set of HTML through, including tables."
So I agree that it would be good to have HTML::Gumbo available.
I'm CCing this message to debian-perl at lists.debian.org in case anyone
is motivated to package this perl module - as at least I won't be able
to do anything with this for a little while.
Of course, if you were interested in packaging perl modules, you would
be very welcome to join in at http://pkg-perl.alioth.debian.org/.
Cheers,
Dominic.
More information about the pkg-request-tracker-maintainers
mailing list