[imp] Why is HTML disabled?

Michael M Slusarz slusarz at horde.org
Thu Nov 19 19:24:46 UTC 2015


Quoting John C Payne <john at pde-usa.net>:

> I'm just wondering why inline HTML is disabled in IMP.  I know that nasty
> stuff can happen if the bad guys send nasty messages. Sad to say: until
> there are no more internet bad guys, such is life.
>
> So what? This is 2015.  Most folks know about HTML and all the risks.
>  Maybe from getting burned.
>
> IMO, it is time to catch up to the world as it is today.  HTML and all the
> associated supporting technologies are everywhere.  For the bad guys and
> the good guys.  
>
>  I suggest HTML enabled by default and text disabled.  At the least give
> the user an easy way to change from HTML to not HTML. 
>
> Horde groupware is a great product; I like it a lot.  Why is it so hard to
> make it a better product by enabling HTML?

https://en.wikipedia.org/wiki/Secure_by_default

HTML is a giant vector for potential security holes -- and with the  
number of browser/OS/version combinations you need to track there's  
simply no way for us to begin to even guarantee any sort of security.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]


