James Platt wrote on 01/19/2018 12:27 PM:
> in a properly configured (in my opinion) email client, a lot of HTML
> features will be disabled for security reasons, including such things

Agreed to all of that, and you also want to disable "non-remote" images,
because exploits to the libraries that implement those are endless, and
it's super-targetable remotely (you just type in the target's direct
email address, or send to an unsanitized list they're on, from anywhere
in the world, and chuckle to yourself). HTML and DOM processing
implementations are not known to be as buggy as the 2D pixel map libraries.

(In the email client/MUA I've been wanting to write for years, and to
which I alluded recently, when listing off some Racket project ideas...
I'd actually also do an HTML-to-plain conversion from scratch, for
security and other reasons. A conversion is necessary because you can't
just show the plain text of the MIME alternative content type, because
it's often different/empty/missing, and the HTML represents the de facto
canonical contents of the email. In the meantime, Sylpheed and Claws
have some security merits, but I'd try somewhat different approaches.)
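
The conversion described in the message above, as an added example (not code from the poster or from any existing mail client): the HTML part is treated as canonical, text/plain is only a fallback, and every image, inline or remote, is reduced to its alt text so that no image decoder ever runs. It uses the Python standard library rather than Racket; the tag sets, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

BLOCK = {"p", "div", "br", "li", "tr", "blockquote", "h1", "h2", "h3"}
SKIP = {"script", "style", "head"}  # contents are never shown

class _ToText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self.skip += 1
        elif not self.skip and tag in BLOCK:
            self.out.append("\n")
        elif not self.skip and tag == "img":  # never fetched or decoded
            alt = dict(attrs).get("alt")
            self.out.append(f" [image: {alt}] " if alt else " [image] ")
    def handle_endtag(self, tag):
        if tag in SKIP:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in BLOCK:
            self.out.append("\n")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def html_to_text(html):
    p = _ToText()
    p.feed(html)
    p.close()
    lines = (" ".join(ln.split()) for ln in "".join(p.out).split("\n"))
    return "\n".join(ln for ln in lines if ln)

def display_text(raw):
    # HTML part is treated as canonical; text/plain is used only without it.
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    is_html = part is not None and part.get_content_subtype() == "html"
    return html_to_text(body) if is_html else body.strip()

# Constructed sample: empty text/plain alternative, HTML with two images.
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\n\n--b1\nContent-Type: text/html\n\n'
    '<head><style>p{color:red}</style></head><p>Invoice &amp; receipt</p>\n'
    '<img src="cid:logo" alt="logo"><img src="http://tracker.example/p.gif">\n'
    '<script>alert(1)</script>\n--b1--\n'
)
```

Calling `display_text(SAMPLE)` shows the HTML-derived text even though the plain alternative is empty, and neither image source is ever touched.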