On Nov 30, 2007, at 7:44 AM, Bart Silverstrim wrote:
> The more safety measures for privacy and exploit-suppression the
> better!
>
> An HTML sanitizer of some kind would be welcome. Anything that won't
> execute or potentially execute or hand off executable code or
> redirected URLs would be great.
That's a good idea, and suggests using our own simple HTML renderer,
which will simply ignore anything it doesn't understand (such as
JavaScript), and be incapable of doing anything malicious. Of course
it will also bungle the formatting of any complex mail, but in most
cases, the sender deserves to have their message bungled if it's
complex HTML. :) Especially if we combine this with an "Open in
Browser" button, so that when you really want to see that Victoria's
Secret ad as the sender intended, you can do so.
> I *hate* HTML because it makes it much easier, on Windows, to trick
> users or disguise malicious mail. It also makes it easier for most
> users to put in pointless dancing smileys and other things that
> send me into synaptic spasms resembling a stroke when HTML isn't
> "cleaned up" a bit.
I tend to agree, but my mom loves dancing smilies, so I think we'd
better support them. (Hmm... anybody have an RB code to render an
animated GIF?)
Best,
- Joe
--
Joe Strout
Inspiring Applications, Inc.
http://www.InspiringApps.com
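
Added example, not from the thread or the project's code: a minimal allow-list renderer front end of the kind discussed above, which re-emits only the tags it understands and ignores everything else (scripts, event attributes, remote images, non-web link schemes). It is written in Python rather than REALbasic, and the tag list, scheme list and the names `AllowListRenderer`, `safe_href` and `sanitize` are assumptions made for this sketch.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for this sketch; any tag not listed is ignored.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong",
                "ul", "ol", "li", "blockquote", "a"}
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}      # their text must not leak into output
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_href(href):
    """Return the href if it has an allowed scheme, else None."""
    href = (href or "").strip()
    try:
        scheme = urlsplit(href).scheme.lower()
    except ValueError:                  # malformed URL: treat as unsafe
        return None
    return href if scheme in SAFE_SCHEMES else None

class AllowListRenderer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0             # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            if href:                    # the only attribute ever re-emitted
                self.out.append('<a href="%s" rel="noopener noreferrer">'
                                % escape(href, quote=True))
            else:                       # all other attributes are dropped
                self.out.append("<%s>" % tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))   # text is always re-escaped

def sanitize(html_text):
    renderer = AllowListRenderer()
    renderer.feed(html_text)
    renderer.close()
    return "".join(renderer.out)
```

Because output is rebuilt from the allow-list instead of filtered from the input, markup the parser does not recognise has no path into the rendered message.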