[kubuntu-devel] Re: HTML by default in KMail

Jonathan Riddell jriddell at ubuntu.com
Fri Aug 6 15:06:34 BST 2010

On Fri, Aug 06, 2010 at 09:47:24AM -0400, Scott Kitterman wrote:
> I agree with this.  Yes, plain text by default may seem a bit old fashioned, 
> but HTML by default opens a large number of additional code paths to potential 
> exploits (and it appears to be very difficult to write secure HTML parsers).  

Nothing that isn't already open through a web browser.

What are the potential security problems with HTML rendering?  I can
imagine some HTML being able to crash the renderer.  I can't imagine
it being able to do anything worse.  (Javascript, java, <object>s etc
being turned off)


More information about the kubuntu-devel mailing list