 |
[Dev] Re: [Design] Obvious Scripting Security NotesTony Bowden Mon, 4 Nov 2002 12:08:55 +0000
On Sun, Nov 03, 2002 at 11:14:23PM -0600, Jack Bell wrote: > BTW: I would agree about the embedded javascript in email. Serves no purpose > you can't also serve by sending a link to a web page. But formatting mail > as HTML should certainly be allowed. Practically, how is this done? Is it a matter of scanning the mail for scripts and removing them from the HTML before displaying? Or can they be neutered in some other way? How will this impact on mail that's been PGP signed etc. Tony
|