Allow situational switching between plaintext and html views #110

Closed
Hildy opened this issue Mar 9, 2017 · 1 comment

@Hildy Hildy commented Mar 9, 2017

When viewing a message, allow an immediate situational switching from viewing that message as plaintext to html and vice versa (non-persistent, not linked to the worker's setting value)

@jstanden jstanden added this to the 9.5 milestone Feb 28, 2020
@jstanden jstanden added this to To do in 9.6 via automation Feb 28, 2020

@jstanden jstanden commented Feb 28, 2020

Implemented in 9.5

@jstanden jstanden closed this Feb 28, 2020
9.6 automation moved this from To do to Done Feb 28, 2020
jstanden added a commit that referenced this issue Feb 29, 2020
…rhauled for privacy and enhanced security. All images and links are filtered using built-in and custom rules.

* [Mail/HTML/Security/Privacy] When displaying HTML email, images are now automatically disabled when sent by new or untrusted senders. This makes privacy the default.

* [Mail/HTML/Security/Privacy] When displaying HTML email, all external images (when displayed) are proxied through the server. This prevents tracking and advertising cookies from being set in worker browsers, as well as protecting worker IP and location information. This will still ping "open/read" beacons when they are not filtered out. Previously, images were fetched directly in worker browsers.

* [Mail/HTML/Security/Privacy] External images in HTML email can be filtered with an admin-configurable blocklist using a flexible rule syntax. This can block privacy-violating beacons, trackers, and advertisements before they're displayed.

* [Mail/HTML/Security/Privacy] When displaying an HTML message, a report is now displayed above the message with the total number of images and links, along with the number of each that are blocked. Clicking these totals displays a popup with the list of external links for easy review. This also naturally draws attention to privacy abusers. In our testing, we've seen messages from seemingly trustworthy brands with over 20 tracking images (likely shared with advertisers).

* [Mail/HTML/Security/Privacy] When displaying an HTML message, images can be displayed once, or always displayed for a given trusted sender. A sender can quickly be flagged as trusted from the images summary popup. Trust may also be revoked in the same location.

* [Mail/HTML/Security/Privacy] When viewing email messages, the display format can be toggled between plaintext and HTML right on the ticket profile. Previously, if HTML was enabled, there wasn't an easy way to view the plaintext part (you could reply and look at the quoted text).

Fixes #110

* [Mail/HTML/Security/Privacy] When displaying HTML email, clicking on external links now opens a redirect popup to confirm the destination. This helps combat "phishing" and other forms of deception where a link's target doesn't match its label. The redirect popup displays the main components of a link in a more human-readable format, including an SSL indicator, host, path, and query parameters. This provides a great expansion point for comparing links to databases of malicious hosts, displaying trust/reputation, showing a screenshot site preview, reporting phishing, etc. Previously, we relied on the vigilance of workers and their browsers.

* [Mail/HTML/Security/Privacy] External links in HTML email can be whitelisted with admin-configurable rules. This avoids the confirmation popup when clicking a trusted link, such as those within your corporate network, your team's Cerb instance, or previously filtered URLs from a mail gateway.
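
The link breakdown and trusted-link check described in the commit message above, sketched as an added example that is not Cerb's code. The function names, the `*.` wildcard rule format and the sample domains are assumptions made for illustration.

```javascript
// Added example: hypothetical allowlist format, not Cerb's rule syntax.
const TRUSTED_HOSTS = ['example.com', '*.corp.example'];

// Exact match, or a '*.' pattern that matches subdomains only.
function hostMatches(host, pattern) {
  if (pattern.startsWith('*.')) {
    return host.endsWith(pattern.slice(1)); // compares against '.corp.example'
  }
  return host === pattern;
}

// If the visible link text itself looks like a URL or hostname, return that
// host; plain labels such as "Click here" return null.
function labelHost(label) {
  const text = label.trim();
  if (/\s/.test(text) || !text.includes('.')) return null;
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  try {
    return new URL(hasScheme ? text : 'http://' + text).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Break a link target into the parts a confirmation popup would show.
function describeLink(href, label) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { valid: false };
  }
  // Only web links are broken down; other schemes are reported as invalid.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { valid: false };
  }
  const host = url.hostname.toLowerCase();
  const shown = labelHost(label);
  return {
    valid: true,
    secure: url.protocol === 'https:',        // SSL indicator
    host,                                     // parsed host, not the label's claim
    path: url.pathname,
    params: [...url.searchParams.entries()],  // decoded query parameters
    labelMismatch: shown !== null && shown !== host,
    trusted: TRUSTED_HOSTS.some((p) => hostMatches(host, p)),
  };
}
```

A link labelled `https://bank.example.com/login` that points at `http://tracker.example.net/r?...` comes back with `secure: false`, `labelMismatch: true` and `trusted: false`, which is the case the popup is meant to surface.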