[Kde-pim] Bug 262386 - allow HTML by default
Lindsay Mathieson
lindsay.mathieson at gmail.com
Tue Dec 6 07:49:59 GMT 2011
Even with just plain HTML, its much easier to disguise a link as legit
- many bank email scams rely on that.
2011/12/6 Kevin Krammer <kevin.krammer at gmx.at>:
> On Tuesday, 2011-12-06, Dr. Robert Marmorstein wrote:
>> > Some points I have missed?
>>
>> Yes. Enabling HTML by default introduces a whole slough of security
>> issues. Many phishing attacks, XSS problems, and other scams
>> depend on having HTML e-mail. It is definitely better, from a security
>> standpoint, to enable only plain text by default. Users who are more
>> technically savvy and aware of the various threats can easily change the
>> default in the settings. Users who aren't technically proficient probably
>> should leave the default at plain text.
>
> But don't most of those problems depend on either loading additional content
> or executing script?
> Both are deactivate separately in KMail's use of the render engine if I
> remember correctly.
>
> Cheers,
> Kevin
>
> --
> Kevin Krammer, KDE developer, xdg-utils developer
> KDE user support, developer mentoring
>
> _______________________________________________
> KDE PIM mailing list kde-pim at kde.org
> https://mail.kde.org/mailman/listinfo/kde-pim
> KDE PIM home page at http://pim.kde.org/
--
Lindsay
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list