Kenneth Porter <[EMAIL PROTECTED]> wrote on 01/07/2007 04:50:11 AM:

> Some of the replies have some good points.
>
> This one is interesting:
>
> > won't do what you think it does
> > Hey folks, this isn't going to do anything for security. There's
> > going to be a button that allows them to simply click and turn this back
> > into an html email. It's NOT stripped text, it's just hidden the html
> > code behaviors. Push the button and you're back to HTML!

OK, so that's just a stupid implementation. I would like to ban HTML here, and sending all sorts of articles and links to Gartner reports etc. doesn't seem to get the message through.

If I were implementing it, I would simply strip any tags, possibly replacing some of them with their intended action, i.e. spaces and line breaks. Maybe HREF tags would get everything but the URL stripped so users could still get the link being sent. What would be left might be a little ugly, but at least readable, and they couldn't hide stupid text with white on white or small fonts. At least the message gets through.

A different way to do it would be to see if there are text and HTML sections that are nearly the same and strip the HTML portion. If there isn't a text portion, or they aren't similar, then reject the message.

Or just say "screwit" and reject anything with HTML.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
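
The two approaches described in the message above (strip tags while keeping link URLs, or compare the text and HTML parts and reject on mismatch), sketched as an added example that is not part of the original post and is not MIMEDefang code. It is written in Python rather than as a MIMEDefang Perl filter; the function names, the tag sets, the 0.8 similarity threshold and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser

BREAKS = {"br", "p", "div", "tr", "li", "h1", "h2", "h3"}  # rendered as a line break
SKIP = {"script", "style", "head"}                          # content dropped entirely
SAMPLE_HTML = ('<style>p{color:red}</style><p>Report: <a href="http://example.com/q4">here</a></p>'
               '<font color="#ffffff" size="1">hidden filler</font><br>Bye')  # constructed sample

class TagStripper(HTMLParser):
    """Reduce HTML to plain text, keeping only the URL out of each <a href>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def emit(self, text):
        if not self.skip:  # inside <script>/<style>/<head>: drop it
            self.out.append(text)
    handle_data = emit

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag in SKIP:
            self.skip += 1
        elif tag in BREAKS:
            self.emit("\n")
        elif tag == "a" and href:
            self.emit(f" <{href}> ")  # the link target survives, the markup does not

    def handle_endtag(self, tag):
        if tag in SKIP and self.skip:
            self.skip -= 1
        elif tag in BREAKS:
            self.emit("\n")

def html_to_text(html):
    parser = TagStripper()
    parser.feed(html)
    parser.close()  # flush text that follows the last tag
    lines = (re.sub(r"[ \t]+", " ", l).strip() for l in "".join(parser.out).splitlines())
    return "\n".join(l for l in lines if l)

def decide(text_part, html_part, threshold=0.8):
    """Second approach: drop the HTML part if it matches the text part, else reject."""
    a = " ".join((text_part or "").split())
    b = " ".join(html_to_text(html_part).split())
    if not a or SequenceMatcher(None, a, b, autojunk=False).ratio() < threshold:
        return "reject"
    return "strip_html"
```

Because styling is discarded rather than hidden, the white-on-white text in the sample shows up as an ordinary line in the stripped output, and the same text makes the HTML part diverge from an honest text part so that `decide` rejects the message.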

