[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-pim
Subject: Re: [Kde-pim] Bug 262386 - allow HTML by default
From: Kevin Krammer <kevin.krammer () gmx ! at>
Date: 2011-12-06 7:08:46
Message-ID: 201112060808.51524.kevin.krammer () gmx ! at
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Tuesday, 2011-12-06, Dr. Robert Marmorstein wrote:
> > Some points I have missed?
>
> Yes. Enabling HTML by default introduces a whole slough of security
> issues. Many phishing attacks, XSS problems, and other scams
> depend on having HTML e-mail. It is definitely better, from a security
> standpoint, to enable only plain text by default. Users who are more
> technically savvy and aware of the various threats can easily change the
> default in the settings. Users who aren't technically proficient probably
> should leave the default at plain text.
But don't most of those problems depend on either loading additional content
or executing script?
Both are deactivate separately in KMail's use of the render engine if I
remember correctly.
Cheers,
Kevin
--
Kevin Krammer, KDE developer, xdg-utils developer
KDE user support, developer mentoring
["signature.asc" (application/pgp-signature)]
_______________________________________________
KDE PIM mailing list kde-pim@kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic