Sep-08-2022, 09:11 AM
Hi, I am writing an email client in Python (of course) 3. But, I wonder something. I want to remove security vulnerabilities from HTML emails. I know a lot of email clients remove images from the HTML because they connect remotely to web sites and can be used to track if the email address is valid. What other components of HTML should I block for privacy/security reasons? A little digging told me that pretty much any element in an HTML email with a URL value can be insecure. I know links in HTML can look legit, yet actually point to a malicious payload.
So, am I right to think to just block all elements that have a URL as a value? Will this make the email useless? Thunderbird blocks a few things (images, video, other things), Evolution seems to only block images (that I can tell ATM). Would just blocking images and links suffice? I plan on making this project publicly available one day, so security is a concern.
Sorry for posting in this sub-forum. I want eyes on, and I didn't see a more appropriate place.
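
As an added example (not part of the original post and not code from any mail client), the scrubber below uses Python's standard `html.parser` to address the remote-content concern raised above: it drops elements and attributes that fetch or execute content, keeps only `http`, `https` and `mailto` links, and reports what it blocked. The tag, attribute and scheme lists and the names `Scrubber` and `scrub` are assumptions of this example, and the lists are not exhaustive.

```python
from html import escape
from html.parser import HTMLParser

# Policy lists are assumptions of this example and are not exhaustive.
DROP = {"script", "style", "iframe", "object", "form", "svg"}  # removed with contents
DROP_VOID = {"link", "meta", "base", "embed"}                  # removed, no end tag
BLOCK_ATTRS = {"src", "srcset", "poster", "background", "style"}
OK_HREF = ("http://", "https://", "mailto:")                   # allowlisted link schemes

class Scrubber(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []
        self.skip = 0  # nesting depth inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP or tag in DROP_VOID:
            self.blocked.append(tag)
            self.skip += tag in DROP
        elif not self.skip:
            kept = ""
            for name, value in attrs:
                value = (value or "").strip()
                bad_href = name == "href" and not value.lower().startswith(OK_HREF)
                if name in BLOCK_ATTRS or name.startswith("on") or bad_href:
                    self.blocked.append(f"{tag}[{name}]")
                else:
                    kept += f' {name}="{escape(value)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag not in DROP_VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text was unescaped by the parser

def scrub(html):
    parser = Scrubber()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample message body, not taken from a real email.
SAMPLE = ('<p onclick="x()">Hi <img src="https://tracker.example/p.gif" alt="logo"></p>'
          '<script>x()</script><a href="javascript:x()">more</a>')
```

Comments and doctype declarations are dropped because the parser's default handlers ignore them, and an unclosed dropped element suppresses everything after it. The `blocked` list can back a "remote content was blocked" notice in the client.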