Configuring raw file download settings
This page describes how to configure Fisheye to either immediately display downloaded files in the browser, or show the browser's "Save As" dialog.
As a Fisheye administrator:
- Log in to the admin area and click Server (under 'Global Settings').
Click Edit Details under 'File Download Setting' and choose a setting:
Files that can safely be displayed inline in the browser, will be. Files that are on Fisheye's default list of file extensions that are considered dangerous, will always be accessed via the "Save As" dialog. For files that are considered dangerous, but consist of only plain text (such as .html files), this mode will attempt to force the browser to show (but not execute) the file.
All files, regardless of whether they are considered dangerous or not, are forced to be always accessed via the "Save As" dialog instead of being displayed inline.
All files downloaded via Fisheye will be displayed in the browser after clicking.
- Click Update.
Internet Explorer versions 8 and 9 will not display safe content as plain text.
Default file extensions that Fisheye will consider as executable in the browser
In Smart mode, downloading files with any of the following extensions will always trigger the "Save As" dialog, instead of displaying the contents of the file in the browser directly, except in FireFox, Safari and Chrome.
|Normally these are just text files, but a malicious user could write html in this file, and cause XSS inject attacks if the browser executes the content instead of displaying it. Can be made to be safely displayed in all supported browsers, except Internet Explorer.
.htm , .html, .xhtml, .xml, .svg
|Similar to .txt, these are text files, but contains html. Can be made to be safely displayed in all supported browsers, except Internet Explorer.
|.swf, .flv , .f4v, .f4p, .f4b
|Flash object file.
|Windows Cabinet File.
To add items to the default list in Fisheye, please contact Atlassian Support.