New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable/cripple HTML mail, if e-mail is encrypted #2077

Closed
BjarniRunar opened this Issue May 15, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@BjarniRunar
Member

BjarniRunar commented May 15, 2018

I think it may be wise to disable the rendering of HTML content in the case where the incoming message is encrypted. At the very least, we should completely disallow loading of remote resources over the network.

Context is EFail: https://www.mailpile.is/blog/2018-05-14_PGP_Security_Alert.html

Relates to #733 and #912.

@BjarniRunar

This comment has been minimized.

Member

BjarniRunar commented May 15, 2018

This is done. The default is to block HTML entirely for incoming encrypted mail, but users can tweak this by changing preferences.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment