Re: [imp] Email Privacy Test

[Michael M Slusarz]

Quoting Rick Romero :


My install is set to not show anything inline, or take any action, without
user intervention. I thought that was the default and my install passed
100%, except for the case of Chrome and what I assume was due to the
Javascript in the From address, maybe that check has been added or Chome
changed since December..


Yes.  Chrome has recently added the srcset feature.  This is now  
detected and blocked in IMP 6.2.


michael

___
Michael Slusarz [slus...@horde.org]

--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org

Re: [imp] Email Privacy Test

[Simon Wilson]

- Message from Rick Romero  -
   Date: Wed, 30 Apr 2014 20:04:57 -0500
   From: Rick Romero 
Subject: Re: [imp] Email Privacy Test
 To: Michael M Slusarz 
 Cc: imp@lists.horde.org



Quoting Michael M Slusarz :


Quoting Michael M Slusarz :


Quoting Simon B :


On 30 Apr 2014 13:34, "Rick Romero"  wrote:

I have IMP 6.1.7, and I pass the test.

The email you recieved CONTAINS the img src='#' tag - so your browser
followed it.  I'm running Firefox 17.0.1 ESR, and no problem.   But
Chrome caused the srcset error to get flagged - probably because of
the
javascript in the From field.  It's looks broken in Chrome compared
to FF.

I suppose IMP could escape that though.

Rick

Quoting Simon Wilson :


Hi List,

I just tried the privacy test at https://emailprivacytester.com, and
my
setup is failing one of the tests:

"Test - Img srcset attr

In the  of the HTML part, place a tag as follows:

http://TRACKING_URL/ 1x">"

Any ideas on how I can tighten this one up?

This is on Imp 6.1.7, php 5.3.28.


I don't know what imp I  have, I have a git install that hasn't been
updated in a few months, but about half of my tests are red :(

The only consolation is the android client is 50% worse...


Strange, because IMP tested 100% the last time I looked at this a few
months ago (believe it was 6.1 branch).  On all browsers.


http://bugs.horde.org/ticket/12886
 


Not the same issue I don't think. This is an img srcset tag that is
triggering, not SVG.



I don't think that's the same - plus it'll vary by site.  If IMP is
configured to display inline images automatically (though I don't have an
SVG viewer defined), then the tests associated with the image tracking will
go red.  If your account is set to automatically respond to read requests,
then another set of tests will go red.  

My install is set to not show anything inline, or take any action, without
user intervention. I thought that was the default and my install passed
100%, except for the case of Chrome and what I assume was due to the
Javascript in the From address, maybe that check has been added or Chome
changed since December..

Rick
--


Interesting - it only triggers when opening from Imp in Chrome. Open
up Horde in Firefox and open the email and it does not trigger.

Purely as a matter of interest - Samsung email on my S4 opens a
webpage triggered by the email. Very nasty and very wrong. It also
triggers the Audio tag.

Simon

--
Simon Wilson
M: 0400 12 11 16


binc7wIUK9xp1.bin
Description: PGP Public Key


pgpJSJxUk4cpi.pgp
Description: PGP Digital Signature
-- 
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org