 |
[Dev] Re: [Design] Obvious Scripting Security NotesMike C. Fletcher Sun, 03 Nov 2002 21:56:04 -0500
I have to jump in here as a design/visual person. I use _images_ in HTML mail all the time when doing graphic design work. For dealing with non-technical clients (i.e. those who have trouble opening an attachment) it is extremely useful to be able to send an HTML document with the image embedded. Similarly, in small corporate environments I've used it to document new features as HTML email that serves as internal documentation (including screenshots, particularly). I've also seen it used for sending complex party invitations (embedded maps, little graphics/cartoons). Lastly, I've seen it used as a document-sharing format that's easily received by most people in an internet-only group. On the other hand, _code_ executed from a source unknown, is just a hole waiting to happen. There's very little legitimate usage of it in email that I've seen. I've seen our sysadmins use it once, but it seemed no more useful than if they'd put the page on a web-server and let people go there. Javascript in email just isn't a need for most small businesses/individuals. Image loading from web-sites is probably desirable as an option disabled by default (that's primarily used for spam). I've used it a few times for portfolio emails (with inclusions from my web-site), but it's not a common need AFAIK. Enjoy all, Mike Wes Felter wrote: >on 11/3/02 6:18 PM, Paul Snively at psnively@earthlink.net wrote: > > ... >I tend to agree here. I've only seen two kinds of HTML email: > >* Simple HTML (no images, no JS) from people who are using OE with default >settings. >* Hostile mail (spam, viruses, etc.) > >So based on these use cases, I see no need for JS support at all. > >I can imagine use cases for the "enterprise" market that would require JS, >such as form-based workflow. But does that apply to Chandler? > > ... _______________________________________ Mike C. Fletcher Designer, VR Plumber, Coder http://members.rogers.com/mcfletch/
|