[Javascript] no JS on a JS mailing list? (was: Code optimization)
Scott Reynen
scott at randomchaos.com
Tue Aug 8 11:47:34 CDT 2006
On Aug 8, 2006, at 10:58 AM, Paul Novitski wrote:
> I suspect that the occasions my email client (Eudora 7) renders
> posted HTML markup text as "active" HTML instead of plain text are
> when folks include the HTML tag itself as part of their posting,
> such as when they paste the entire HTML page into their email.
> Because email clients that are capable of rendering HTML markup use
> the HTML tag to begin a message, this causes obvious confusion.
Only broken email clients treat the HTML tag as the beginning of the
HTML portion of a message. Non-broken email clients follow the
"Content-type" header, and treat emails marked with "Content-Type:
text/plain" as plain text regardless of which HTML tags show up in
the content. I'm surprised to hear that Eudora is broken like this,
but if it's really rendering content in an email marked with "Content-
Type: text/plain," I see no other conclusion.
> (Do set me straight here. I'm hardly an expert in email technology
> and my parochial experience with Eudora might be limiting my view.
> Do other email clients consistently treat HTML markup insertions as
> plain text? Does their doing so depend on whether the author has
> set it to send all email as HTML? Did your own client treat Terry
> Riegel's posting of Mon, 7 Aug 2006 18:05:01 -0400 entirely as
> plain text?)
Yes, mine did. That's what "Content-Type: text/plain" means. Eudora
apparently thinks it means something different. That's Eudora's
problem, not Terry's.
> In my experience, most times this happens is when someone attempts
> to insert an example in their posting that includes what I'm
> calling active javascript -- not just the plain text code but the
> code embedded in an HTML context in the hopes that it will execute
> in the email client.
Terry didn't suggest an HTML context. Your email client assumed HTML
context despite clear suggestion to the contrary. JavaScript
security isn't an issue with plain text email. It sounds like Eudora
is creating a security issue by ignoring the "Content-type" header.
I guess you should be thankful that Eudora is trying to protect you
from its own flaws, but I'd think fixing those flaws would be a
preferable solution to asking everyone else to work around them.
Peace,
Scott
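
Added example, not part of the original post: a sketch in Python of the header-driven rendering decision described above, next to a content-sniffing decision of the kind the thread attributes to Eudora. The function names and the sample message are constructed for illustration, and sniffing_render is an assumption about that class of bug, not Eudora's actual code.

```python
import html
from email import message_from_string
from email.policy import default

# Constructed sample: declared text/plain, but the body contains a full HTML page.
SAMPLE = (
    "From: poster@example.org\n"
    "Subject: Code optimization\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "<html><body><script>alert('x')</script>Hello</body></html>\n"
)


def render_for_display(raw):
    """Return (mode, markup) for a viewer, trusting only the declared type."""
    msg = message_from_string(raw, policy=default)
    # Select the body part by its declared type; prefer plain text.
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ("text", "")
    ctype = part.get_content_type()  # text/plain when the header is absent
    body = part.get_content()
    if ctype == "text/html":
        # Declared HTML: pass to a sanitising HTML renderer (out of scope here).
        return ("html", body)
    # Everything else is shown as literal characters, so markup stays inert.
    return ("text", html.escape(body))


def sniffing_render(raw):
    """Broken variant: guesses the type from the content, ignoring the header."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    if "<html" in body.lower():
        return ("html", body)  # markup becomes active despite text/plain
    return ("text", html.escape(body))


if __name__ == "__main__":
    print(render_for_display(SAMPLE))
    print(sniffing_render(SAMPLE))
```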