Chris,
This sounds great. There is a hook in the system for plugins (filters)
to allow for just this type of customization. It could even be
extended to sanitising the mail we send to each recipient, if you
wanted.
If you are interested there is a onRender event that can process the
mail message before it is displayed in the archives that can be used
to do the processing. We would need to change the jsp a little to
display the "altered" message in various forms. If you are interested
in working on such an add-in please let us know and we can make sure
to address any (system) design issues that may come up.
Here is a brief doc on developing filters:
http://code.google.com/p/subetha/wiki/DevelopingFilters
On Mon, Jun 15, 2009 at 5:02 PM, shop<shop@pmcs-inc.com> wrote:
> My definition of sanitized is fairly straight forward:
>
> - No scripts
>
> - No scripts in links (somewhat redundant, I know)
>
> - No links that point directly off-site
>
> - No embeds that point directly off-site (displaying attached
> images is fine)
>
>
>
> This would, of course, break quite a few HTML e-mails, but should be
> reasonable.
>
>
>
> A little simple encoding with a seed generated randomly per page view for
> links and off-site embeds which could be reversible in the browser with
> JavaScript if a user agrees should handle that problem. This would give you
> an Outlook- and Thunderbird-like “Enable links and embedded images in this
> message” button.
>
>
>
> Using a separate root subdirectory (subethamail.org/disp/* instead of
> subethamail.org/se/*) for display of HTML e-mails would let you restrict
> cookies to the /se/* path and reduce the chance of cookie stealing.
>
>
>
>
>
> From: users@subethamail.org [mailto:users@subethamail.org] On Behalf Of Jon
> Stevens
> Sent: Monday, June 15, 2009 4:50 PM
> To: users@subethamail.org
> Subject: Re: HTML e-mail support
>
>
>
> I'm not disagreeing with you about the quality of the display of our
> archives. It could definitely use some improvement.
>
>
>
> It would be pretty easy to modify the template to not show anything other
> than the text/plain portion, but then what happens when there isn't a
> text/plain portion? You would get a blank page. A link to a sanitized* HTML
> version is also just as hard to securely display in a linked page as it
> would be in the actual page.
>
>
>
> * define 'sanitized'. No embedded content? Nothing that can steal your
> cookies?
>
>
>
> So, if you come up with a workable solution that makes you happy, let me
> know. Unfortunately, we are dealing with a pretty complicated problem here.
>
>
>
> jon
>
> My blog: http://lookfirst.com/
>
> On Mon, Jun 15, 2009 at 3:42 PM, shop <shop@pmcs-inc.com> wrote:
>
> Pretty would be nice…
>
>
>
> Ideally I’d like to see the plain text version, or a properly sanitized
> version if it’s not multipart in the archives. A link to a sanitized HTML
> version would be nice, as embedding it directly or displaying as-is is a
> fairly bad idea from a security and privacy perspective.
>
>
>
> -Chris
>
>
>
> From: users@subethamail.org [mailto:users@subethamail.org] On Behalf Of Jon
> Stevens
> Sent: Monday, June 15, 2009 3:36 PM
>
> To: users@subethamail.org
> Subject: Re: HTML e-mail support
>
>
>
> Well, that is up for interpretation. =) How would you like it to appear in
> the archives?
>
>
>
> jon
>
> My blog: http://lookfirst.com/
>
> On Mon, Jun 15, 2009 at 3:26 PM, shop <shop@pmcs-inc.com> wrote:
>
> Though not in the archive…
>
>
>
> From: users@subethamail.org [mailto:users@subethamail.org] On Behalf Of Jon
> Stevens
> Sent: Monday, June 15, 2009 2:57 PM
> To: users@subethamail.org
> Subject: Re: HTML e-mail support
>
>
>
> Clearly handles it just fine.
>
>
>
> jon
>
>
>
> On Mon, Jun 15, 2009 at 2:49 PM, shop <shop@pmcs-inc.com> wrote:
>
> Looking at the documentation and mailing list archives, it is not clear how
> well SubEtha handles HTML e-mails such as this one.
>
>
>
> Would you enlighten me please? I’m hoping to deploy SubEtha, well, tomorrow.
>
>
>
>
>
>
>
>
