[kubuntu-devel] Re: HTML by default in KMail
Jonathan Riddell
jriddell at ubuntu.com
Fri Aug 6 15:06:34 BST 2010
On Fri, Aug 06, 2010 at 09:47:24AM -0400, Scott Kitterman wrote:
> I agree with this. Yes, plain text by default may seem a bit old fashioned,
> but HTML by default opens a large number of additional code paths to potential
> exploits (and it appears to be very difficult to write secure HTML parsers).
Nothing that isn't already open through a web browser.
What are the potential security problems with HTML rendering? I can
imagine some HTML being able to crash the renderer. I can't imagine
it being able to do anything worse. (Javascript, java, <object>s etc
being turned off)
Jonathan
More information about the kubuntu-devel
mailing list