[Dev] Re: [Design] Obvious Scripting Security Notes
Jack Bell
Sun, 03 Nov 2002 23:14:23 -0600

> Image loading from web-sites is probably desirable as an option disabled
> by default (that's primarily used for spam). I've used it a few times

Perhaps this would be a good use of a whitelist. Images are OK from some users or domains, but off for everyone else.

BTW: I would agree about the embedded javascript in email. Serves no purpose you can't also serve by sending a link to a web page. But formatting mail as HTML should certainly be allowed. Too many users prefer it and it provides a standard rich text format. Better than RTF IMHO.

Jack William Bell
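
The policy discussed in this message (HTML formatting kept, embedded script never run, remote images fetched only for whitelisted senders or domains), sketched as an added example that is not part of the original message or of the project's code. The names `images_allowed`, `MailHtmlFilter`, `render_safe`, the whitelist entries and the sample body are all hypothetical.

```python
from email.utils import parseaddr
from html import escape
from html.parser import HTMLParser

# Constructed whitelist and message body (assumptions, not from the thread).
ALLOWED_SENDERS = {"alice@example.org"}
ALLOWED_DOMAINS = {"example.com"}
SAMPLE = '<p onclick="x()">Hi &amp; bye<script>t()</script><img src="http://t.example.net/p.gif"></p>'

def images_allowed(from_header):
    """True only for a whitelisted address or exact domain. From is easily
    forged, so this assumes the sender was authenticated upstream."""
    addr = parseaddr(from_header)[1].lower()
    _, at, domain = addr.rpartition("@")
    return bool(at) and (addr in ALLOWED_SENDERS or domain in ALLOWED_DOMAINS)

class MailHtmlFilter(HTMLParser):
    """Re-emits HTML without scripts; not a complete sanitizer."""
    def __init__(self, allow_images):
        super().__init__(convert_charrefs=True)
        self.allow_images, self.out, self.in_script = allow_images, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            remote = value.strip().lower().startswith(("http:", "https:", "//"))
            blocked = tag == "img" and name == "src" and remote and not self.allow_images
            if name.startswith("on") or blocked:  # event handlers are script too
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    handle_startendtag = handle_starttag  # <img .../> gets no stray end tag

    def handle_endtag(self, tag):
        if tag != "script":
            self.out.append(f"</{tag}>")
        self.in_script = False  # script content is CDATA: only </script> ends it

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))

def render_safe(from_header, html_body):
    flt = MailHtmlFilter(images_allowed(from_header))
    flt.feed(html_body)
    flt.close()
    return "".join(flt.out)
```

Images referenced by `cid:` (attachments carried inside the message) pass through either way, since displaying them causes no network fetch.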