PyBitmessage icon indicating copy to clipboard operation
PyBitmessage copied to clipboard

Published 20 hours ago verified publisher icon mailchuck

HTML loading deanonymisation attacks

Open PeterSurda opened this issue 9 years ago • 2 comments

When viewing HTML, it can trigger loading from external sources and this can be used for deanonymisation.

  • [x] disable external sources. MessageView, based on QTextBrowser, does not by default support loading external sources, but it could be adjusted in the future and then the SafeHTMLParser would have to deal with this.
  • [ ] have loading external sources load by clicking on them, with warning
  • [ ] proxy settings should affect how the renderer loads external sources.

PeterSurda avatar Feb 24 '16 10:02 PeterSurda

What? Bitmessage can view HTML messages? Why I can't set an option like "Force convert message to text"?

I always use text mode in Thunderbird; not using HTML at all.

ghost avatar Apr 16 '16 00:04 ghost

HTML renderer is off by default.

PeterSurda avatar Apr 16 '16 06:04 PeterSurda