> If you want to accept HTML in posts, you should ensure that only trusted > users can post. This is good practice anyway to avoid spam on the lists. Then > you don't have to be too concerned about malicious HTML.
Right, that is already the case. However equally important is formatting via the sanitizer, not just removing malicious HTML. > I don't see a demand for a feature like that. Currently there is no demand for that, but also currently Hyperkitty only supports plaintext or markdown, so if you add HTML into the mix, it may change requirements. > Yahoo... that is not what I see. We both see the actual link is missing. The difference is, that you also are getting some garbage characters (multiple "|=20"), and I did not see that, although maybe I was not pasting the right thing. > Then the message will contain only the HTML. But if you do that, malicious > HTML and missing plain text will be the least of the things to be concerned > about. All sorts of malicious malware can be attached to email in other than > HTML parts. You are saying "All sorts of malicious malware can be attached to email in other than HTML parts." What is the solution to this currently? We have "Collapse alternatives" and "Convert html to plaintext" enabled. If one of those is relevant (is it?) the description in postorius should not be limited to "Should Mailman collapse multipart?" but also say "This is strongly recommended, to remove all sorts of malicious malware", since that seems critical. Or, which postorius setting applies? Thanks. _______________________________________________ Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-le...@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/4RTNAR2PM2FKGSSJSTEJU4ME5E24W6ZY/ This message sent to arch...@mail-archive.com
