[Users] LiteHTML Plugin
Mark Wagner
mark+claws at carnildo.com
Fri Oct 30 08:39:21 CET 2020
On Fri, 30 Oct 2020 07:59:19 +0100
Johan Vromans <jvromans at squirrel.nl> wrote:
> On Thu, 29 Oct 2020 15:15:03 -0000, Paul <claws at thewildbeast.co.uk>
> wrote:
>
> > Or maybe not. So far there is no way to block remote content.
>
> So what is worse: The current security holes in webkitgtk2 or not
> being able to block remote content in webkitgtk3?
For most people? Not being able to block remote content.
Webkitgtk2 as used in the Fancy plugin is an obscure target, and with
remote loading blocked, it's a tricky one to exploit. Meanwhile,
tracking pixels and similar things are extremely common in HTML email.
For every email-based virus targeting Claws, there are probably
billions of emails exploiting remote loading for tracking purposes, or
simply to sneak things past spam filters.
--
Mark
More information about the Users
mailing list