Am 15.05.18 19:17 schrieb(en) Albrecht Dreß:
I am not sure if the HTML widgets used in Balsa are configured to reject all backchannels. At least, libwebkit2gtk asks for loading external images (which you should *never* do!), but the paper lists (in appendix D) a multitude of possibilities. I will check them for libwebkit2gtk (which will take some time), it would be great if someone could have a look at the other widgets.
Unfortunately, the libwebkit2gtk usage in Balsa is *completely* broken: it seems to load almost everything which is referenced in the html, apart from /some/ images (unless the user clicks the button to load them, too). As the lib looks like a complex beast, fixing this bug will probably take some time, and I need to craft test messages as to verify that all backchannels are really blocked. *So, for the time being, I highly recommend to disable html completely!* In the long run, I think we should implement a different policy for dealing with html-only messages. If the user checked the “prefer text over html” option, IMHO we should display the html source by default, and only switch to the html view if the user explicitly requests it (this is what kmail does). Opinions? Sorry for the bad news, Albrecht.
Attachment:
pgp3hQUN63KYQ.pgp
Description: PGP signature