[Tickets #10477] Re: default setting for inline images: give link to show them
bugs at horde.org
bugs at horde.org
Tue Sep 6 21:25:44 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/10477
------------------------------------------------------------------------------
Ticket | 10477
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | default setting for inline images: give link to show
| them
Queue | IMP
Version | 4.3.9
Type | Enhancement
State | Rejected
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2011-09-06 21:25) wrote:
>> Displaying HTML messages by default is a
>> gigantic security hole that an admin has to make a choice to allow
>> locally.
>
> OK can I suggest a better error message, such as HTML view is
> disabled for security reasons.
We already do this in IMP 5
> Also, are you saying that this is a gigantic security hole in
> general for all webmail services, even yahoo and gmail? Or specific
> to horde?
It's a gigantic security hole in general. Yahoo and gmail are not
immune to this. And advantage they may have is that their filtering
is maintained by a (potentially) large group of engineers who are paid
full-time. But that doesn't mean that their filters are foolproof.
More information about the bugs
mailing list