DocScrutinizer05 | I'm pretty late on this one... nevertheless: using CSS and/or HTML in email may cause massive risk to compromise crypto privacy/signature https://arxiv.org/ftp/arxiv/papers/1904/1904.07550.pdf https://github.com/RUB-NDS/Johnny-You-Are-Fired | 08:43 |
---|---|---|
Maxdamantus | By "using", you mean "having it enabled in the client", right? | 08:52 |
Maxdamantus | Don't think there's much you can do to influence that security as a sender of email. | 08:53 |
Maxdamantus | other than not using HTML so that it's more convenient for recipients to disable it altogether. | 08:54 |
KotCzarny | html/js emails are evil incarnate | 08:55 |
KotCzarny | anyone sending/enabling them is asking for troubles | 08:55 |
Oksana | JS, sure. But what about hyperlinks? Are they evil? | 08:55 |
KotCzarny | i would say it's up for the client/viewer to parse the links | 08:56 |
KotCzarny | since they are easy to match http.+://[^ ] etc | 08:56 |
KotCzarny | even text terminal/irc can detect and activate links for clicking in raw text | 08:57 |
KotCzarny | so it wouldnt even be an issue for people using them and some text client (pine and friends) | 08:57 |
Oksana | :grimace: I would rather have them sent out as some kind of mark up, not HTML, but something like <https://en.wikipedia.org/>, because auto-detection of links plainly misfires. Especially where people insert a dot after a link, and it gets appended to URL. Or a space inside the URL makes the auto-detect break up in the wrong place | 09:16 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!