Summary | default setting for inline images: give link to show them |
Queue | IMP |
Queue Version | 4.3.9 |
Type | Enhancement |
State | Rejected |
Priority | 2. Medium |
Owners | |
Requester | jpratt (at) bluehost (dot) com |
Created | 09/01/2011 (5057 days ago) |
Due | |
Updated | 09/06/2011 (5052 days ago) |
Assigned | |
Resolved | 09/01/2011 (5057 days ago) |
Milestone | |
Patch | No |
gigantic security hole that an admin has to make a choice to allow
locally.
disabled for security reasons.
general for all webmail services, even yahoo and gmail? Or specific
to horde?
immune to this. An advantage they may have is that their filtering
is maintained by a (potentially) large group of engineers who are paid
full-time. But that doesn't mean that their filters are foolproof.
an admin has to make a choice to allow locally.
for security reasons.
Also, are you saying that this is a gigantic security hole in general
for all webmail services, even yahoo and gmail? Or specific to horde?
Thank you
displaying HTML parts inline. The default is to NOT allow this (html
inline display is false). Displaying HTML messages by default is a
gigantic security hole that an admin has to make a choice to allow
locally. (The HTML filter shipped with H4 is much better than the H3
filter, but there are still no guarantees).
New Attachment: Screenshot-1.png
message "There are no parts that can be displayed inline." However, we
were able to change the config so that it displays "Images have been
blocked to protect your privacy. Show Images?"
I recommend that the "show images" link be offered as the default
setting, not the "no parts that can be displayed inline" message.
Please see the attached images for comparison.
So if you are not blocking inline images, I presume the "show images"
link should already be default, is that correct?
State ⇒ Rejected
images in Horde (IMP 4.3.9), so email such as newsletters cannot be
read.
which solved the problem, but why isn't this set as default? It
should be.
security risk to allow automatic loading of a foreign URL upon opening
a message.
Priority ⇒ 2. Medium
Type ⇒ Enhancement
Summary ⇒ default setting for inline images: give link to show them
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
New Attachment: Screenshot.png
State ⇒ New
images in Horde (IMP 4.3.9), so email such as newsletters cannot be
read.
We were able to change the config to offer the reader "show images",
which solved the problem, but why isn't this set as default? It should
be.
Specifically, we updated the 'html' config section in
/usr/local/cpanel/base/horde/imp/config/mime_drivers.php to get the
option to "show images".