[imp] Inline vs other window viewing of html
Rick Irvine
irvine@purdue.edu
Mon, 26 Aug 2002 16:30:34 -0500 (EST)
When I put together our old (1.x/2.x) horde/imp, there was a big hub-bub on
the lists about inline html and how bad it was. This made sense to me. My
old IMP will only allow folks to download html attachments. It's a pain, but
I like this. It let me sleep well at night. :)
Now I'm playing with IMP 3.1, and I'm finding that some html tags can be
shown inline even though I've specified in imp/config/mime_drivers.php to set
the html driver's inline field to false. I sent myself a test message from
Yahoo with the type text/html with "<h1> hi! </h1>" and it showed inline.
A co-worker of mine sent me something from hotmail with html turned on and
while it didn't show inline, it did render the html in another window. Is
that safe? I thought the danger was in rendering HTML with java/script, php,
etc embedded in and run by the central web server was a Bad Thing (tm).
Is there a big different between inline vs rendered in a different window?
To me they sound pretty much the same, it's still the web server rendering
the html/dealing with the Evil Code. Am I wrong? (I admit I am no web
guru.)
Thanks!
- Rick