Changing the system’s default settings for html files (safe)

With Leopard 10.5.1, Apple’s developers changed the default status of html files downloaded from the internet from ‘safe’ to ‘Unsafe’.

While this may make sense from a security standpoint, for somebody like me that processes hundreds of html files downloaded every day, it’s a big annoyance.

I filed a bug with Apple, asking for a workaround. I was hoping that they would implement a preference somehow to enable me to either override the default settings or allow me to specify trusted servers.

Tonight, three months later, I received an answer and the workaround that I was looking for.

I turned out that you could have a user specific file to override the system’s default settings. The file is not there normally, so you would need to create it. It is:

~/Library/Preferences/com.apple.DownloadAssessment.plist

The contents of the file need to be:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>LSRiskCategorySafe</key>
	<dict>
		<key>LSRiskCategoryContentTypes</key>
		<array>
			<string>public.html</string>
			<string>public.xml</string>
			<string>public.php-script</string>
			<string>com.microsoft.windows-media-wmv</string>
		</array> 
		<key>LSRiskCategoryExtensions</key>
		<array>
			<string>xhtml</string>
		</array> 
	</dict>
</dict> 
</plist>

Download Sample File

Hopefully that helps somebody else with this type of problem.

If you need to change the settings of other file types, here are the system-declared file types:

System-Declared Uniform Type Identifiers

For each type you add another <string></string> item to the above array.

For example, for jpeg2000 files you add:

	<string>public.jpeg-2000</string>

Right below the other <string> line in the first array.

To declare files by extension, you add:

	<string>odf</string>

Right below the other <string> line in the second array.

Update 2011-08-01: Safari 5.1.0 Ignores com.apple.DownloadAssessment.plist.

22 thoughts on “Changing the system’s default settings for html files (safe)”

  1. THANK YOU! These stupid security alerts drive me nuts. I wish there was an easy way to shut it off completely. If you know anything about computers you shouldn’t need it.

  2. These are there as a result of two stupid decisions by apple, copied from Microsoft:

    1. open “safe” files after downloading.
    2. hide file extensions for known file types

    Instead of backing off these bad ideas, Apple implemented a copy of the tool Microsoft uses to train people to answer “YES” to “badguy.com wants to install a virus on your computer. Is this OK? (Install) (Panic)”. Whiskey Tango Foxtrot, Apple.

  3. This didn’t work for me, I’m trying to add torrents to the safe list. both links are dead so i can’t find the file type stuff :/

    osx 10.5.6

  4. Thanks for the awesome fix!

    For those that it didn’t work, try restarting Safari. No idea if that is mandatory, but it’s what I did and it works great.

  5. Thank you very very much!

    I’ve been so irritated that TextMate decided to implement this security “feature” introduced in Mac OS X Leopard, and refuses to open multiple php files at once even when I accept one of them.

    Apple has definitely made a wrong decision here about executing “safe” content upon download and not showing the file extensions by default!

  6. anyone know… do wildcards work? Because, honestly, and i know this is not always a good policy, i would just add * if wildcards work… because i’m cautious about where i go, what i do, and i have antivirus anyways. They’ve already made it so no script can rm -rf /*, well not without prompting me for my password. So just by watching for password prompts… Apple, please make Quarantine FOAD.

    PLSKTHNXBAI.

  7. Thank you. This “bug” have bothered me ever since it was introduced in 10.5.1. I can’t understand why Apple have’nt included a ‘safe file’ option in System Preferences or something. So we can choose what files are safe or not.

  8. Works like a charm !

    As first it didn’t work because I mistakenly put the plist file in Library/Preferences instead of Users/Username/Library/Preferences. After I moved it to the correct location it works and saves me countless clicks (opening HUNDREDS of php files today).

    This “feature” of Leopard is SOOOOO annoying !

    Thank you so much for sharing ! :)

  9. It’s a shame we have to work around but it’s always great in the Mac world to know people are dedicated to helping people rather than make a buck… Worked great… Thanks for the post and the help.

  10. This is awesome thank you, just what I needed. It didn’t work at first but shutting down Safari may have made it work. Or, I had been trying to open a pile of files all highlighted before created the new .plist file… not sure if unhighlighting and re-highlighting made it finally work, or if it was the restart of Safari. Happy it works now though. Surprised Apple doesn’t have a setting for this under Security in System Preferences so weird.

  11. Today it doesn’t work. The .plist file seems to have vanished. Re-created it, still can’t open a pile of files without the safety prompt interfering…

  12. This works great on newly downloaded files but I have noticed specifically .phtml files I have downloaded before implementing the plist file still give the message, ” may be a script application. It was downloaded from the internet…” etc.

    All other file types I’ve tested are okay just .phtml

    I used Safari 4 to download this file a few months back.

    Any .phtml files downloaded after are fine and do not give the annoying message.

    Any ideas as I have many files with this extension?

  13. The quarantine bit is set for already downloaded files and you’ll get the warning dialog for each file that you want to open. Of course, there is a way around this. Using the terminal is the quickest way to do this.

    The following command removes the quarantine bit from the files:

    find . -name '*.phtml' -exec xattr -d com.apple.quarantine {} \;

    of course, you need to navigate to the directory holding those phtml files before you type this command. The backslash before the semi-colon at the end is important.

  14. Adobe Digital Editions users:

    Add the file extension ACSM to the key LSRiskCategoryExtensions.

    Here’s an example:

    LSRiskCategorySafe

    LSRiskCategoryContentTypes

    public.html

    LSRiskCategoryExtensions

    ACSM

Comments are closed.