[Kde-pim] Bug 262386 - allow HTML by default
Kevin Krammer
kevin.krammer at gmx.at
Tue Dec 6 07:08:46 GMT 2011
On Tuesday, 2011-12-06, Dr. Robert Marmorstein wrote:
> > Some points I have missed?
>
> Yes. Enabling HTML by default introduces a whole slough of security
> issues. Many phishing attacks, XSS problems, and other scams
> depend on having HTML e-mail. It is definitely better, from a security
> standpoint, to enable only plain text by default. Users who are more
> technically savvy and aware of the various threats can easily change the
> default in the settings. Users who aren't technically proficient probably
> should leave the default at plain text.
But don't most of those problems depend on either loading additional content
or executing script?
Both are deactivate separately in KMail's use of the render engine if I
remember correctly.
Cheers,
Kevin
--
Kevin Krammer, KDE developer, xdg-utils developer
KDE user support, developer mentoring
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20111206/095a8be5/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list