I end up using HTML in mail messages because so few
mailers understand Rich-Text-Format -- maybe that's
a MS-only thing...( :-( ). But, often, all I want is
some very primitive things like *bold*, _italics_,
and _UNDERLINE_(?).

Even the ability to use auto-text wrapping -- I like GUI editors, but to my limited knowledge, most of them don't
have primitive features like 'reformat paragraph'. For
example. I edit my email after composition and move, delete, or shorten a sentence. Now in a plain text world, I'm going to have one line that is going to be out of alignment.

Even in little compose windows like this one -- did I press
at the end of some lines by habit or did I allow them to flow to the next line.

I think the main security threats are any components that try to set cookies, require external (to the email) references, and any scripting, no? Isn't it possible to come up with a standard subset of 'safe' HTML?

Even things like -- I'd like to choose whether or not to
display my text in fixed, or proportional. Nothing worse than to have a user compose a table in fixed, then a
reader views in proportional.

Anyway -- it really would be nice if there was a defined and filterable subset just to allow text lay out without all the risks of full HTML.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/58/10454#10454