[Tickets #10477] Re: default setting for inline images: give link to show them

bugs at horde.org bugs at horde.org
Tue Sep 6 21:25:44 UTC 2011


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/10477
------------------------------------------------------------------------------
  Ticket             | 10477
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | default setting for inline images: give link to show
                     | them
  Queue              | IMP
  Version            | 4.3.9
  Type               | Enhancement
  State              | Rejected
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2011-09-06 21:25) wrote:

>> Displaying HTML messages by default is a
>> gigantic security hole that an admin has to make a choice to allow
>> locally.
>
> OK can I suggest a better error message, such as HTML view is  
> disabled for security reasons.

We already do this in IMP 5.

> Also, are you saying that this is a gigantic security hole in  
> general for all webmail services, even yahoo and gmail? Or specific  
> to horde?

It's a gigantic security hole in general.  Yahoo and gmail are not  
immune to this.  An advantage they may have is that their filtering  
is maintained by a (potentially) large group of engineers who are paid  
full-time.  But that doesn't mean that their filters are foolproof.




