W3C home > Mailing lists > Public > www-html@w3.org > December 1999

Re: security problem in emailing HTML

From: Arjun Ray <aray@q2.net>
Date: Mon, 6 Dec 1999 17:56:27 -0500 (EST)
To: www-html@w3.org
Message-ID: <Pine.LNX.4.10.9912061749500.28063-100000@mail.q2.net>

On Mon, 6 Dec 1999, Walter Ian Kaye wrote:

> I've been thinking about writing a Perl filter to strip out HTML from
> email. Was gonna just delete from <html> to </html>, but then saw that
> Fingerhut embeds the plain text version into an HTML comment. I wonder
> if there are any other mutations...

Procmail is your friend:)

I used to bounce email with 'text/html' as the Content-type, but that too
became a nuisance.  Now I just file such stuff directly to /dev/null.  
(Logic: if someone is clueless enough to send email in HTML, I have no
need to waste my time reading it.)

However, most of the so-called HTML email seems to be of the multipart/
alternative type.  Configuring a MIME-aware reader to show me the
text/plain version suffices (I delete the remainder.)

The *problem* is the rash of "new" software that seems all too eager to
ram the HTML part down your throat.  The solution is to get competent

(I'm about 90% convinced that I should procmail 'X-Mailer: Microsoft
Outlook Express' to /dev/null too.)

Received on Monday, 6 December 1999 17:33:27 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:05:52 UTC