[imp] Why is HTML disabled?
Michael M Slusarz
slusarz at horde.org
Thu Nov 19 19:24:46 UTC 2015
Quoting John C Payne <john at pde-usa.net>:
> I'm just wondering why inline HTML is disabled in IMP. I know that nasty
> stuff can happen if the bad guys send nasty messages. Sad to say: until
> there are no more internet bad guys, such is life.
>
> So what? This is 2015. Most folks know about HTML and all the risks.
> Maybe from getting burned.
>
> IMO, it is time to catch up to the world as it is today. HTML and all the
> associated supporting technologies are everywhere. For the bad guys and
> the good guys.
>
> I suggest HTML enabled by default and text disabled. At the least give
> the user an easy way to change from HTML to not HTML.
>
> Horde groupware is a great product; I like it a lot. Why is it so hard to
> make it a better product by enabling HTML?
https://en.wikipedia.org/wiki/Secure_by_default
HTML is a giant vector for potential security holes -- and with the
number of browser/OS/version combinations you need to track there's
simply no way for us to begin to even guarantee any sort of security.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the imp
mailing list