[kubuntu-devel] Re: HTML by default in KMail
txwikinger at ubuntu.com
Fri Aug 6 18:20:38 BST 2010
On 08/06/2010 12:59 PM, Scott Kitterman wrote:
> On Friday, August 06, 2010 10:06:34 am Jonathan Riddell wrote:
>> On Fri, Aug 06, 2010 at 09:47:24AM -0400, Scott Kitterman wrote:
>>> I agree with this. Yes, plain text by default may seem a bit old
>>> fashioned, but HTML by default opens a large number of additional code
>>> paths to potential exploits (and it appears to be very difficult to
>>> write secure HTML parsers).
>> Nothing that isn't already open through a web browser.
>> What are the potential security problems with HTML rendering? I can
>> imagine some HTML being able to crash the renderer. I can't imagine
>> being turned off)
> I don't know. Just plain HTML is not extraordinarily risky. Upon reflection I
> think the more important concern with HTML is probably URL obfuscation and
> users going to sites that are not the ones they expect. Once the URL is
> I'd rather focus on making the click through better than changing the default.
> It might just be I'm too much of a traditionalist.
> Scott K
Already the automatic loading of images or other links in the document
are a problem. A sender can through that basically monitor if and when
you read an e-mail.
More information about the kubuntu-devel