[gaia e-mail] sanitizing web-bug images?

Blake Winton bwinton at mozilla.com
Wed Aug 15 14:14:46 UTC 2012

On 15-08-12 2:53 , Andrew Sutherland wrote:
> (I am posting to tb-planning as a proxy for the mozilla mailing list 
> relating to the e-mail problem domain)
> The arguments against sanitizing the web bugs are (possible 
> interpretations of) user choice and game theory concerns that 
> sanitizing based on explicit sizing (width=1 height=1) could lead to 
> an arms war.  I don't view the arms war as particularly concerning as 
> e-mails can't run JS, transitions/animations are also sanitized, the 
> sanitizer has access to a layout engine enabling it to determine 
> visibility, and it is generally believed that most e-mail clients have 
> poor HTML support.
Another argument against is that B2G's email client wouldn't show up as 
highly in the rankings like this one 
which seem to mostly be based on image loads.  (It's a minor point, and 
totally does not make it worth sacrificing user privacy, but I think 
it's worth mentioning.)

It would be nice to have better HTML support in email, but since email 
is push rather than pull, the security trade-offs should probably lean 
more towards safety than functionality.

I'm in favour of the idea.


Blake Winton   Thunderbird User Experience Lead
bwinton at mozilla.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20120815/10639df6/attachment.html>

More information about the tb-planning mailing list