Fri, 10 Apr 2026 12:09:54 +0000 https://bugs.horde.org/ticket/10477 default setting for inline images: give link to show them I am informed that the default setting intentionally blocks inline images in Horde (IMP 4.3.9), so email such as newsletters cannot be read. We were able to change the config to offer the reader "show images", which solved the problem, but why isn't this set as default? It should be. Specifically, we updated is the 'html' config section in /usr/local/cpanel/base/horde/imp/config/mime_drivers.php to get the option to "show images" Thu, 01 Sep 2011 17:33:11 +0000 https://bugs.horde.org/ticket/10477#t67230 > I am informed that the default setting intentionally blocks inline > images in Horde (IMP 4.3.9), so email such as newsletters cannot be > read. Do you mean images contained in HTML? We don't block inline images. > We were able to change the config to offer the reader "show images", > which solved the problem, but why isn't this set as default? It > should be. There's a reason they are blocked by default. That's a crazy huge security risk to allow automatic loading of a foreign URL upon opening a message. Thu, 01 Sep 2011 20:49:17 +0000 https://bugs.horde.org/ticket/10477#t67233 Cpanel support suggested that the default setting is to diplay the message "There are no parts that can be displayed inline." However, we were able to change the config so that it displays "Images have been blocked to protect your privacy. Show Images?" I recommend that the "show images" link be offered as the default setting, not the" no parts that can be displayed inline" message. Please see the attached images for comparison. So if you are not blocking inline images, I presume the "show images' link should already be default, is that correct? Thu, 01 Sep 2011 21:14:51 +0000 https://bugs.horde.org/ticket/10477#t67235 > Cpanel support suggested that the default setting is to diplay the > message "There are no parts that can be displayed inline." However, > we were able to change the config so that it displays "Images have > been blocked to protect your privacy. Show Images?" > > I recommend that the "show images" link be offered as the default > setting, not the" no parts that can be displayed inline" message. > Please see the attached images for comparison. > > So if you are not blocking inline images, I presume the "show images' > link should already be default, is that correct? This has nothing to do with blocking images. This has to do with displaying HTML parts inline. The default is to NOT allow this (html inline display is false). Displaying HTML messages by default is a gigantic security hole that an admin has to make a choice to allow locally. (The HTML filter shipped with H4 is much better than the H3 filter, but there are still no guarantees). Thu, 01 Sep 2011 23:17:04 +0000 https://bugs.horde.org/ticket/10477#t67236 > Displaying HTML messages by default is a > gigantic security hole that an admin has to make a choice to allow > locally. OK can I suggest a better error message, such as HTML view is disabled for security reasons. Also, are you saying that this is a gigantic security hole in general for all webmail services, even yahoo and gmail? Or specific to horde? Thank you Tue, 06 Sep 2011 21:17:28 +0000 https://bugs.horde.org/ticket/10477#t67341 >> Displaying HTML messages by default is a >> gigantic security hole that an admin has to make a choice to allow >> locally. > > OK can I suggest a better error message, such as HTML view is > disabled for security reasons. We already do this in IMP 5 > Also, are you saying that this is a gigantic security hole in general > for all webmail services, even yahoo and gmail? Or specific to horde? It's a gigantic security hole in general. Yahoo and gmail are not immune to this. And advantage they may have is that their filtering is maintained by a (potentially) large group of engineers who are paid full-time. But that doesn't mean that their filters are foolproof. Tue, 06 Sep 2011 21:25:44 +0000 https://bugs.horde.org/ticket/10477#t67342