Derek Martin writes: [...] > In any event, I think both parts of what you're suggesting would be > good improvements: > > 1. Put temporary content in its own directory inside $TMPDIR or > equivalent (avoids symlink attacks and such completely) > 2. Extract all of the mime parts of HTML mail into said directory so a > browser can display them. > > These do seem like separate issues to me, and I tend to think probably > it's worth creating two bugs for them.
I agree. Should have researched this better, the problem has already been solved, or rather, worked around. After I started building a script around ripmime (as per https://unix.stackexchange.com/questions/37218/how-to-really-easily-save-all-tagged-attachments-in-mutt), I started researching Content-ID headers and came across http://shallowsky.com/blog/tech/email/mutt-viewing-html-mail.html. While it doesn't work as is, it can be hacked ... Workaround because it is still an external solution that duplicates some of the work mutt has already done.
