locked HTML safety in posted messages
dg,
> And another FYI - it came through fine to my email - TBird, set up to

Me too.

Mark Fletcher wrote:
> Just FYI, the reason the other message doesn't show up correctly in the

I'm not sure what all the ramifications might be, but would it make sense for the email message bodies passed through to also be "sanitized" - stripped of potentially harmful tags - just as the archive copy is? That could provide a higher degree of confidence for members of Groups.io groups.

-- Shal
On Thu, Jan 15, 2015 at 10:39 PM, Shal Farley <shal@...> wrote:
That's an interesting thought but I'm not sure it would improve anything. At this point, I've got to believe that most (all?) modern email clients have been hardened against these kinds of attacks.

Mark
Mark,
> That's an interesting thought but I'm not sure it would improve

Except for dinosaurs like me, who insist on using an Email client that hasn't seen an update since 2006 (Eudora Classic). On the other hand, when using its internal HTML rendering it supports so few HTML features (and no scripts at all) that it might be considered hardened. Or perhaps just petrified.

One benefit of having the emails match the archive is just that: the same user experience. But of course the downside is the flip side of that: some group might depend on a feature that is safe (enough) for them, but stripped in the archive.

Oh well, it was just a thought.

-- Shal
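The proposal discussed in this thread, sanitizing the HTML body of relayed email the same way the archive copy is sanitized, sketched as an added example (not Groups.io code and not posted by anyone in the thread). The allowlist, the permitted URL schemes and the names `sanitize_html` and `sanitize_message` are assumptions for illustration.

```python
import html
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed allowlist (tag -> permitted attributes); not the archive's real rules.
ALLOWED = {"a": {"href"}, "b": (), "i": (), "p": (), "br": (), "ul": (), "li": ()}
SAFE_SCHEMES = {"http", "https", "mailto"}  # relative and script URLs are dropped
DROP_WITH_CONTENT = {"script", "style"}
SAMPLE = ("Subject: t\nMIME-Version: 1.0\nContent-Type: text/html\n\n<p onclick=\"x()\">Hi"
          '<script>alert(1)</script> <a href="https://example.org/page">link</a></p>\n')  # constructed

def safe_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL: treat as unsafe
        return False

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # tag is dropped; any text inside it is still emitted, escaped
        kept = "".join(f' {k}="{html.escape(v.strip())}"' for k, v in attrs
                       if k in ALLOWED[tag] and v and safe_url(v))
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

def sanitize_html(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

def sanitize_message(raw):
    """Rewrite every text/html part of a raw message before it is relayed."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            part.set_content(sanitize_html(part.get_content()), subtype="html")
    return msg
```

Running the archive and the outgoing mail through the same function gives the matching user experience mentioned above, with the same trade-off: anything outside the allowlist is stripped from both.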