[imp] Problems with viewing inline HTML

Eric Rostetter eric.rostetter@physics.utexas.edu
Mon, 22 Jul 2002 13:02:26 -0500


Quoting gpreston@ycp.edu:

> I've got a small problem when trying to view an email that is HTML.

If done by a malicious site, this could become a big problem... ;0

> I have it
> set to view the email inline

And you hopefully read the comments when you enabled it about how dangerous
this is?  I only recommend doing this is you have something pre-filter
the html, as IMP doesn't do a terribly effective job of filtering out
malicious code (though it tries).

> problem- The links at the bottom of the page are sometimes screwed up.  They

This can happen whenever the html contains a BASE tag.  Only way to fix it
is to disable BASE tags.  Personnaly I disable all of the tags in 
(META|APP|SCRIPT|OBJECT|EMBED|FRAME|IFRAME|LAYER|BASE|STYLE) myself.

> The
> only thing I can see that is causing this is that some of these HTML emails
> that
> I'm viewing have a new target set for links, and are calling in their own
> remote
> CSS files and this is conflicting with all of IMP's links at the bottom of
> the
> page.

You're lucky if it is only the links at the bottom. If done right it can
muck with (redirect) all the links on the page. ;)

> Is anyone else experiencing this problem or am I the only one who's
> noticed this, and, does anyone know a quick fix to this problem?

Nope, it is a "known problem" in the world of web mail.  Don't remember
any recent discussions of this on the IMP lists, but it is not IMP 
specific either.  This kind of issue (not filtering active html tags)
can cause vulnerabilities in almost any html-rendering email client.
The best way to solve it is to filter the html before it gets to the
clients...

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.