Re: GIT version - no display of html messages

From: Jack <ostroffjh users sourceforge net>
To: balsa-list gnome org
Subject: Re: GIT version - no display of html messages
Date: Sat, 07 Jul 2018 13:28:28 -0400

On 2018-07-07 01:14 PM, Albrecht Dreß wrote:

Am 07.07.18 18:55 schrieb(en) Jack via balsa-list:

Unfortunately, that's just not always realistic.  I agree, almost
always, those images are completely unnecessary (even from legit
senders) but I seem to frequently get emails where the entire message
is embedded in the image.


Really?  From my experiences, it's either dumb spam, or the image is
embedded into a <a href=…> container to redirect you to an infected
web site or even immediately download malware if you click on it. 
Putting the message text into an image prevents the security scanners'
text analysis heuristics from detecting it (that's why Spamassassin's
HTML_IMAGE_ONLY_XX rules exist).

Anyway, balsa (and other mua's) let *you* choose: if you are /really
sure/ you want to load the image, just click the button…

I agree that MOST of the time this happens, you want to stay far away. 
However, I routinely get emails from stores where I HAVE signed up for
the list, or my government representatives, or non-profits, including
major international ones, where the plain text just says "Click here to
see online" or "Your email reader can't read HTML - see the online
version..."  and the HTML version is just boiler-plate, with the actual
message embedded in images.  And I'm talking about legitimate
organizations, where there is unlikely to be any malware, but may well
be trackers.

I tried again just prior to your commit, and I get instead:

lbh_navigation_policy_decision uri about:blank, type 5, used


Hmmm, this indicates that the second approach (the “if
(g_ascii_strcasecmp(uri, "about:blank") != 0)…” variant) may fix your
issue, /without/ removing the EFail mitigation.

Yes, this does now work for me.  Again, for info, what SHOULD that URI
be?  Should it be anything for the basic message itself, on only
something for a link within the message?

which would have been printed by .._TYPE_OTHER or ..._TYPE_RELOAD,
which still doesn't make much sense to me.


Yes, agree.

Out of curiosity - clicking WHERE would trigger the
WEBKIT_NAVIGATION_TYPE_LINK_CLICKED ?  Would that be clicking some
link withing the displayed content?


Yes.  At least for the current git version, it is displayed when you
click on a link in the message (which in turn opens the browser).

Also, I'm using webkit-gtk 2.18.6, and have been for at least several
months.  It's currently the only version available on Gentoo, so I'll
have to check their forums/bugsystem to see if there is any move to
upgrade.


I see.  Debian stretch also comes with 2.18.6, I'll install a vm with
it and try if I can reproduce the issue, stay tuned.

It certainly seems odd.


Best
Albrecht.

Jack

Follow-Ups:
- [Patch] Fix html rendering for webkit2gtk-4.0 < 2.20 (was: GIT version - no display of html messages)
  - From: Albrecht Dreß

References:
- Re: GIT version - no display of html messages
  - From: Albrecht Dreß

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]