HTML List Abuse (was: "please ignore: this is only a test")
Eugen Leitl
eugen at leitl.org
Fri Oct 18 02:02:42 PDT 2013
On Thu, Oct 17, 2013 at 10:47:08PM -0500, brian carroll wrote:
> so you're saying the person is reading this
> on a two-line 80s electronic pager then?
Many people concerned with security use text-only MUAs,
as that works well over low-bandwidth mobile links and
gives less attack surface against compromises.
The less complexity, the less lines of codes and code
complexity and easier to debug. E.g. by not discarding
HTML-only (but giving preference to plain text in
multipart messages) I'm running risk for having this system
compromised, even if I render via a text browser
like links. That's ok, I consider this system sacrificial.
Rendering rich content in a GUI is courting disaster.
You will get nailed, and be it just malware from spam.
You can assume that people who care know this, so
text-only correlates with old hands and/or high clue.
More information about the Testlist
mailing list