* On 01 Sep 2015, mwnx wrote: > > Thanks. I didn't know you could do that. It seems that it requires > 'allow_ansi' to be set to 'yes' though. To my understanding, this allows > ANSI sequences in the original message to be interpreted, which, as > suggested by mutt's manual, does pose somewhat of a security risk. > > It would be nice to have a way to have an option like 'allow_display_ansi' > which would permit ANSI sequences to be added by the display filter while > still filtering out ANSI sequences present in the original message. Oh well, > ... maybe I'll see about writing a patch.
I'm not sure there's really any security risk in allow_ansi. (Perhaps there was once, I don't recall.) Looking quickly at the ANSI-handling code, it seems to allow only colors and text attributes (bold, underline, etc). It doesn't appear to do anything with the more dangerous sequences. -- David Champion • d...@bikeshed.us
