recent article in Network World
made me very glad that GroupServer (and OnlineGroups.Net, by extension)
only displays plain-text email
The problem is this:
- Fancy formatting in email uses system called HTML.
HTML is the format that all Web pages are written in, including
It allows all the things you would expect of word-processors, such as
making text bold, adding bullet lists, and breaking the text into paragraphs.
Email messages are often sent with both a plain-text and a
this search page
to say Processing… when you click it.
GroupServer easier to use.
just like telephones allowed prank calls, and email allowed spam.
It was this problem that Google came across.
unexpected things, such as
forwarded the user’s browser to a pharma site or tried to download
title=”Official Google Enterprise Blog”>Google.
A few years ago Google purchased an entire company,
to help them deal with this sort of problem.
Thankfully, there are
title=”htmllaundry: Python Package Index”>tools that clean the
HTML, and I would love to integrate one into GroupServer.
Sadly, the HTML can be quite different after it has been cleaned.4
Each of the different email programs (Microsoft Outlook, Apple Mail, Mozilla
Thunderbird, Eurora, IBM Lotus Notes, Google Gmail, Microsoft Hotmail,
Yahoo! Mail, Novell Evolution, Pegasus Mail…)
produces a slightly different variant of HTML.
Checking what the messages from each program looks like after cleaning is a
GroupServer to support HTML email.
However, the task is way down on my todo
list: it is currently job 126.
In the mean time, I am please that our pages, and the members of the groups
run by GroupServer, are safe.
- The HTML version of the message is stored and
forwarded on to the other group members. However, GroupServer only
displays plain text on the website.
- The HTML produced by most email clients does
not conform to any standard that I know of.
It is truly awful stuff.
Wikipedia page on Cross Site Scripting
details a few ways that different systems try and overcome this
It also links to the
Security Handbook, which shows some of the many ways
- One of the problems is with the
It normally controls how things looks, and is a good thing.
can be embedded in the
styleattribute would be the safest thing
to do, but doing so changes what a message looks like.