Quoting John C Payne <j...@pde-usa.net>:
I'm just wondering why inline HTML is disabled in IMP. I know that nasty
stuff can happen if the bad guys send nasty messages. Sad to say: until
there are no more internet bad guys, such is life.
So what? This is 2015. Most folks know about HTML and all the risks.
Maybe from getting burned.
IMO, it is time to catch up to the world as it is today. HTML and all the
associated supporting technologies are everywhere. For the bad guys and
the good guys.
I suggest HTML enabled by default and text disabled. At the least give
the user an easy way to change from HTML to not HTML.
Horde groupware is a great product; I like it a lot. Why is it so hard to
make it a better product by enabling HTML?
https://en.wikipedia.org/wiki/Secure_by_default
HTML is a giant vector for potential security holes -- and with the
number of browser/OS/version combinations you need to track there's
simply no way for us to begin to even guarantee any sort of security.
michael
___________________________________
Michael Slusarz [slus...@horde.org]
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
