[Kde-pim] emailprivacytester.com, video/audio tag
Ingo Klöcker
kloecker at kde.org
Thu Nov 21 22:16:18 GMT 2013
On Wednesday 20 November 2013 16:03:38 Jan Kundrát wrote:
> On Wednesday, 20 November 2013 14:03:15 CEST, Sebastian Kügler wrote:
> > the test only loads an external reference from the web, nothing
> > else. It doesn't actually test for tracking id or anything like
> > that attached to the url
>
> Hi Sebas, please note that it is impossible to write an algorithm for
> classifying URLs into two sets, one of them with "no tracking" and the
> other with "with tracking ID" which works for all input and is
> reliable. Hence blocking all remote requests sounds reasonable.
>
> > Given that the user has explicitely allowed loading content from the
> > web, this seems OK to me.
>
> I'm not sure how KMail works, but I read the original mail as "enabled
> loading HTML", not "enabled HTML and loading remote content".
I read it the same way.
> Perhaps
> the original mail wasn't accurate and the KMail settings are in fact
> "disable any HTML" vs. "enable any HTML, including remote contents".
They are not. "Load external references" is a separate setting.
> If that is the case, then the audio/video preview is indeed a
> "feature", not a "bug". If, however, KMail has a feature for only
> e.g. showing remote images upon explicit confirmation, then it makes
> sense to treat the audio and video tags as something similar, in my
> opinion.
Indeed. FWIW, KMail trusts the khtml part (or does KMail nowadays use
another HTML renderer?) to do the right thing if loading of external
references is disabled. I'd be very unhappy if khtml misbehaved.
I repeated the test. I cannot reproduce a problem with audio/video tags,
but, when I enabled HTML for the test message, then the following tests
turned red:
* Object tag - Flash (https://emailprivacytester.com/test/flash)
* iframe tag (https://emailprivacytester.com/test/iframe)
* CSS import (https://emailprivacytester.com/test/css_import)
* CSS link tag (https://emailprivacytester.com/test/css)
Bad KMail! Time to write a few bug reports for the HTML renderer.
When I also enabled loading of external references, then a lot more
tests (all tests up to and including 'CSS link tag') turned red (which
is okay since I explicitly requested this). But KMail also executed the
meta refresh and showed a different web page. Ouch!
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20131121/5c953ba9/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list