mirror of
https://github.com/cypht-org/cypht.git
synced 2026-04-26 05:26:00 +03:00
[GH-ISSUE #269] Display HTML #230
Labels
No labels
2fa
I18N
PGP
Security
Security
account
advanced_search
advanced_search
announcement
api_login
authentication
awaiting feedback
blocker
bug
bug
bug
calendar
config
contacts
core
core
devops
docker
docs
duplicate
dynamic_login
enhancement
epic
feature
feeds
framework
github
github
gmail_contacts
good first issue
help wanted
history
history
imap
imap_folders
inline_message
installation
keyboard_shortcuts
keyboard_shortcuts
ldap_contacts
mobile
need-ssh-access
new module set
nux
pop3
profiles
pull-request
question
refactor
release
research
saved_searches
smtp
strategic
tags
tests
themes
website
wordpress
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/cypht#230
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @bet0x on GitHub (May 9, 2018).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/269
Originally assigned to: @jasonmunro on GitHub.
How i do display HTML before text while reading an email?
Thank you.
@jasonmunro commented on GitHub (May 9, 2018):
Hello!
Navigate to Settings -> Site -> General
and un-check the box for: "Prefer text over HTML when reading messages" and you should be good to go!
@bet0x commented on GitHub (May 10, 2018):
For some reason, remove images on the email are not getting loaded.. i have that unchecked
@rosoft2001 commented on GitHub (May 13, 2018):
Same issue
@jasonmunro commented on GitHub (May 14, 2018):
By default Cypht will not load any external resource in an HTML formatted message - this includes images. Doing so is a huge privacy and security risk. The only way we can support this properly IMO is to allow a per-message override to reload the HTML with external resources, and eventually a white-listed list of senders that a user allows this behavior by default for. We cannot allow this for all senders as the risk is just to great.
@bet0x commented on GitHub (May 15, 2018):
But... this can be optional right?
@dumblob commented on GitHub (May 15, 2018):
@bet0x please see https://en.wikipedia.org/wiki/EFAIL (https://efail.de/ ) before you'll decide to reference any external content (which forces the recipient to make an online request with the deciphered URL).
@jasonmunro commented on GitHub (Jun 27, 2018):
@bet0x to clarify, yes, this can be done (some of the behind the scenes work to allow it already exists), however, it would be insecure to add a "always allow external resources" option, so instead I am planning to add a link to the message view page that allows you to reload that specific message with external resources included.
@jasonmunro commented on GitHub (Aug 6, 2018):
@bet0x Just pushed support for this. You need to add an option to your site ini to enable the ability to see external images (this disables the image content security policy header). When viewing an HTML message part with images, there will be an "Allow Images" link in the upper right side of the message content that will reload the message with images enabled.
Here is the new ini setting and explanation:
github.com/jasonmunro/cypht@1b6e0959ca@marclaporte commented on GitHub (Oct 22, 2020):
@jasonmunro wrote "and eventually a white-listed list of senders that a user allows this behavior by default for."
Could this be abused? (email spoofing)
@jasonmunro commented on GitHub (Oct 22, 2020):
@marclaporte probably, however you would have to know the user's white list in order to abuse it.