changeset 1983:c563b49b8b03

EmbedObject:removed mimetype application/x-shockwave-flash from defaults
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Mon, 09 Apr 2007 10:38:34 +0000
parents ecae6138ee1b
children efafd0dd3ff8
files MoinMoin/config/multiconfig.py MoinMoin/macro/EmbedObject.py
diffstat 2 files changed, 10 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Mon Apr 09 07:38:09 2007 +0000
+++ b/MoinMoin/config/multiconfig.py	Mon Apr 09 10:38:34 2007 +0000
@@ -328,7 +328,6 @@
     ]
 
     mimetypes_embed = [
-        'application/x-shockwave-flash',
         'application/x-dvi',
         'application/postscript',
         'application/pdf',
@@ -433,6 +432,8 @@
 
     theme_default = 'modern'
     theme_force = False
+    
+    traceback_email = False
 
     trail_size = 5
     tz_offset = 0.0 # default time zone offset in hours from UTC
--- a/MoinMoin/macro/EmbedObject.py	Mon Apr 09 07:38:09 2007 +0000
+++ b/MoinMoin/macro/EmbedObject.py	Mon Apr 09 10:38:34 2007 +0000
@@ -173,10 +173,14 @@
             return _("Not supported mimetype of file: %s" % self.target)
 
         mime_type = "%s/%s" % (mt.major, mt.minor,)
-        if not mime_type in self.request.cfg.mimetypes_embed:
-            return "%s%s%s" % (self.macro.formatter.sysmsg(1),
-                               self.macro.formatter.text('Embedding of object by choosen formatter not possible'),
-                               self.macro.formatter.sysmsg(0))
+        dangerous = mime_type in self.request.cfg.mimetypes_xss_protect
+        
+        if not mime_type in self.request.cfg.mimetypes_embed or dangerous:
+            kw = {'src': url}
+            return "%s: %s%s%s" % (self.macro.formatter.text('Embedding of object by choosen formatter not possible'),
+                               self.macro.formatter.url(1, kw['src']),
+                               self.macro.formatter.text(self.target),
+                               self.macro.formatter.url(0))
 
         if self.alt is "":
             self.alt = "%(text)s %(mime_type)s" % {