Marc Mutz <mutz(_at_)kde(_dot_)org> writes:
On Tuesday 07 May 2002 04:20, Russ Allbery wrote:
Lawrence Greenfield <leg+(_at_)andrew(_dot_)cmu(_dot_)edu> writes:
<snip>
(I'm surprised that more mail clients
don't default to showing the raw HTML with a button saying "render this";
users wouldn't press it for spam and it would make discarding spam quicker
as well as safer.)
<snip>
Like so?: http://www.mathematik.uni-bielefeld.de/~mmutz/html-warning.png
This looks rather sloppy to me. It seems to say "Our HTML parser is
insecure, but if you as a user is ready to take on the blame if any
problems appear, just click here". Users in general can't make
security decisions, and they should not be able to sign the security
of their system away by simply "clicking here".
It would be another thing if it said "For efficiency reasons, only the
raw HTML code is shown. If you want to render it, click here".
