[gaia e-mail] sanitizing web-bug images?

Axel axel.grude at googlemail.com
Wed Aug 15 21:38:53 UTC 2012

> Ah, OK. Maybe a setting to determine how small is too small to render? I'm not sure 
> if Gaia apps are going to support something like Firefox prefs... That said, if the 
> HTML doesn't declare the image size, we can't tell it's 1x1 without downloading it.
Well,  that seems to make that plan impossible; leaving out size attributes is a 
fairly trivial countermeasure.  :(

You won't be able to determine visibility as well if it is achieved with transparency 
(or even a white pixel) without downloading the image first. Maybe the "allow remote 
images" message could be done in a less obtrusive way (e.g. a small floating "broken 
image" button on top right, so there is no space penalty - this could expand into 
"load remote images?" when tapped once)

> It might be interesting to run a testpilot to figure out (a) how many external 
> references and of what types people receive in email, (b) how many of those declare 
> their sizes, and (c) the distribution of sizes (both declared and undeclared) of 
> those external objects. 
counter measures would be fairly trivial, so I don't know whether this is really worth 
the effort unless you plan on developing more sophisticated methods - either way, 
welcome to the arms race :S


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20120815/1ee635dd/attachment.html>

More information about the tb-planning mailing list