Page MenuHomePhabricator
Create Task
Maniphest T10989

Blacklist .mht and .mhtml extensions
Closed, ResolvedPublic
Actions

Description

Author: ekb87ds02

Description:
Here's another useful Internet Explorer extension: mhtml, or mht for short.
These are html and supporting files in a container.

I'm not sure if internet explorer considers these to be in the same domain as
the webpage hosting it (for xss purposes), but mediawiki should probably have
this file type in its default blacklist anyway.

Most of these files start with an html file, so they are caught by the filter
that searches the first part of the file for html code. It can contain anything
though, so it might start with for instance an image, so it wouldn't be caught.

Version: unspecified
Severity: enhancement

Details

Reference
bz8989

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:33 PM
bzimport added projects: MediaWiki-Uploading, good first task.
bzimport set Reference to bz8989.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Feb 14 2007, 5:10 PM
bzimport added a comment.Mar 29 2007, 7:57 PM

lcarsdata wrote:

Adds mhtml, mhtm, and mht to the default file blacklist

This patch adds mhtml, mhtm and mht. I have added mhtm just in case as this is
in a similar form to htm and may be used in future.

Attached:

mhtlblaclist.txt635 BDownload

bzimport added a comment.Jun 7 2007, 8:49 PM

robchur wrote:

Fixed in r22826.

Gilles added a project: Multimedia.Dec 4 2014, 10:50 AM
Gilles moved this task from Untriaged to Done on the Multimedia board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL