From kmail-devel Sun Apr 22 14:11:55 2001 From: Michael =?iso-8859-1?q?H=E4ckel?= Date: Sun, 22 Apr 2001 14:11:55 +0000 To: kmail-devel Subject: Fwd: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:" not "recognised") X-MARC-Message: https://marc.info/?l=kmail-devel&m=98794873118867 ---------- Forwarded Message ---------- Subject: Re: Bug#24528 acknowledged by developer (kmail URL reference "file:" not "recognised") Date: Sun, 22 Apr 2001 12:11:52 +0200 From: Remko Scharroo To: Michael Häckel > On Sunday, 22. April 2001 02:11, remko@deos.tudelft.nl wrote: > > When using an http: or ftp: reference in a mail it is recognised as a > > URL, is highlighted and is clickable. However, not so with file: > > We intentionally disabled file: some time ago for security reasons and > because we didn't consider local links in a mail useful. > Otherwise it might be too easy possible to execute a possibly dangerous > local command with a single click. Maybe in text mails that does not happen > that easy, since the users sees the real URL, but at least in HTML mail > that is more dangerous, since the displayed string and the URL can differ > very much. > > Regards, > Michael Häckel Dear Michael, Although I see your point about security, I do not think it is the task of the developper to disable options that may possibly form threats to security by the stupidity or negligance of the user. I frequently use file: references in my text mails to colleagues on our local network. Instead of attaching a possibly large document to the mail, I just refer them directly to the file on disk. Saves disk space, download and handling time. I do the same in reverse. When I get large attachments that I have to save anyhow to do something useful with them, I replace the MIME encoded part by the file: reference. It's a bit annoying that it is no longer clickable, while it is (still) in Netscape. I suggest either of the following options: 1) Enable active file: references in text (non-html mails) 2) Add an option to enable or disable active file: (or anything) references in text (and/or html) mails. Again, I do not think that (in this case) the developper should make his own interpretation of what should be a useful link or not. Besides, I do not see why a file: link should be more dangerous than an http: link. Looking forward to your views on this issue. Best regards, Remko ------------------------------------------------------- _______________________________________________ Kmail Developers mailing list Kmail@master.kde.org http://master.kde.org/mailman/listinfo/kmail