Thomas Bruederli wrote: > This question should be asked to the original author of washtml. In > general I'd be conservative when it comes to html cleaning. We may > expand the list of allowed protocols but on the basis of a white list. > > Protocols like file:// or others that invoke external apps are IMO > dangerous and should not be linked directly. > > Just my 2 cents...
Ok, I can agree with you, but there's a related issue with html to text conversion. If you send html message with <a href="file://aaa">, the text part contains "http://mymail.domain.com/file://aaa"; link on the list. If we're removing file's links in washtml, we should do the same in to text conversion. It's just not coherent. -- Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252 LAN Management System Developer http://lms.org.pl Roundcube Webmail Developer http://roundcube.net _______________________________________________ List info: http://lists.roundcube.net/dev/
