On Thu, Jul 11, 2019 at 10:10:16AM +0300, Andrei POPESCU wrote: > On Jo, 11 iul 19, 15:52:56, John Crawley wrote:
[...] > > A) Display html as-is, tags and all > > B) Strip out the tags and display what's left, like html2text > > > > I think B) is the better option. > > C) Treat *all* message parts as potentially harmful, not just some > attachments. If additional parsing is needed (check signature, parse > html, etc.) do so in a safe way. D) Show the HTML /as is/, literally, as if it were text. I know it's hard on the receiver, but then, at least, there's someone motivated enough to yell at the sender to fix his/her MUA. Don't hide problems. They'll bite you in your behind. Cheers -- t
signature.asc
Description: Digital signature
