[gaia e-mail] sanitizing web-bug images?

Ehsan Akhgari ehsan.akhgari at gmail.com
Thu Aug 16 01:40:47 UTC 2012


On 12-08-15 2:53 AM, Andrew Sutherland wrote:
> (I am posting to tb-planning as a proxy for the mozilla mailing list
> relating to the e-mail problem domain)
>
> The (gaia) e-mail client for Firefox OS sanitizes all HTML because it
> can't use content policies to limit the capabilities of its iframe and
> iframe sandbox directives.

FWIW, bug 341604 seems quite near these days.  Would sandboxed iframes 
satisfy all of your requirements?

> The gaia e-mail client imminently does the same thing, but the cost of
> showing the info-bar equivalent is much higher because screens on mobile
> device are smaller.  Also, the network traffic is potentially more
> expensive to the user.
>
> Since there is no real user benefit to the web bugs but definite privacy
> costs (if loaded) and potential usability and network costs, it seems
> reasonable to simply scrub the web-bugs from the HTML as part of the
> sanitization process.  (Also, it saves storage costs since sanitization
> occurs during synchronization.)
>
> The arguments against sanitizing the web bugs are (possible
> interpretations of) user choice and game theory concerns that sanitizing
> based on explicit sizing (width=1 height=1) could lead to an arms war. I
> don't view the arms war as particularly concerning as e-mails can't run
> JS, transitions/animations are also sanitized, the sanitizer has access
> to a layout engine enabling it to determine visibility, and it is
> generally believed that most e-mail clients have poor HTML support.

By visibility, do you mean visibility as perceived by humans or 
visibility as perceived by layout engines (determined by whether an 
element consumes a big enough box in the rendering)?  Would the 
sanitization algorithm be able to detect the following test cases as web 
bugs?

<img width=100 height=20 src=http://evil.com/webbug-transparent-1x1.png>

<img width=100 height=20 
src=http://evil.com/webbug-whiteorsameasbgcolor-100x20.png>

If not, I don't think this battle is worth fighting.  :/

Cheers,
Ehsan



More information about the tb-planning mailing list