Re: Office phish
On 2021-07-06 00:32, RW wrote: It's a question of whether a simple copy and paste from a web page to an email body copies any javascript. I don't see why it would. diffrent mail programs will give diffrent results of embedded, i dont know if javascript in noscript html tag is even ignored or not, the only safe way to read mails is ignore scripting, unlees the js is just a hello world :=) -- Before the script... ...After the script.
Re: Office phish
On Tue, 2021-07-06 at 00:16 +0200, Benny Pedersen wrote: > On 2021-07-05 23:45, RW wrote: > > > > > > https://www.w3resource.com/javascript/introduction/html-documents.php > > embeeded javascript is possible > Yes, but it may well depend on how the e-mail was assembled. A message Cut from a web page formatted with both .. and ... formatting and displayed using Brave to construct a new e-mail written, sent and received using Evolution with the message composer set to use plaintext gave a single block of body text that didn't contain any HTML formatting. However, with composer preferences set to use HTML formatting, Evolution restructured the HTML that was cut and pasted in as an attachment with Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="attachment.html" Content-Type: text/html; charset="utf-8"; name="attachment.html" as a preamble. and all the HTML formatting pretty much rewritten from scratch and formatted as a block rather that keeping the original page's indent structure. The plaintext section again had all HTML formatting stripped out. So, it would be interesting to know how similar the output of other browser/MUA combos is to what Brave+Evolution generates. I would not be surprised if the e-mail content has a close dependence on what MUA is used and how its composer preferences are set - and possibly which browser is being used as well. Martin
Re: Office phish
On Tue, 06 Jul 2021 00:16:00 +0200 Benny Pedersen wrote: > On 2021-07-05 23:45, RW wrote: > > >> > What legitimate email uses javascript? > >> Pretty common! many people copy and paste from webs.. and of course > >> these are important mails! :-( > > > > I'm not sure what you are referring to there. If you copy and paste > > a web page into an HTML email, are you not just copying the > > formatting? > > https://www.w3resource.com/javascript/introduction/html-documents.php > > embeeded javascript is possible It's a question of whether a simple copy and paste from a web page to an email body copies any javascript. I don't see why it would.
Re: Office phish
On 2021-07-05 23:45, RW wrote: > What legitimate email uses javascript? Pretty common! many people copy and paste from webs.. and of course these are important mails! :-( I'm not sure what you are referring to there. If you copy and paste a web page into an HTML email, are you not just copying the formatting? https://www.w3resource.com/javascript/introduction/html-documents.php embeeded javascript is possible
Re: Office phish
On Mon, 5 Jul 2021 08:01:25 + (UTC) Pedro David Marco wrote: > > >>On Thursday, July 1, 2021, 05:03:50 PM GMT+2, RW >> wrote: > > > What legitimate email uses javascript? > Pretty common! many people copy and paste from webs.. and of course > these are important mails! :-( I'm not sure what you are referring to there. If you copy and paste a web page into an HTML email, are you not just copying the formatting?
Re: Office phish
>On Thursday, July 1, 2021, 05:03:50 PM GMT+2, RW wrote: > What legitimate email uses javascript? Pretty common! many people copy and paste from webs.. and of course these are important mails! :-( Pedreter