Breaking MIME concatenation
Andrew Gallagher
andrewg at andrewg.com
Wed May 16 09:08:05 CEST 2018
> On 16 May 2018, at 05:21, Patrick Brunschwig <patrick at enigmail.net> wrote:
>
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
>
> --WRAPPER
> Content-Type: text/html
>
> <!-- > <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- '> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- "> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
>
> --WRAPPER
> (result of PGP/MIME decryption)
> --WRAPPER--
I like this. It handles the various quoting options, and does its best to display the cleartext safely. Tbird correctly disables JS, so we don’t need to worry about that.
Should there be some indication that mischief is afoot? Or is it more important not to unnecessarily frighten the user?
A
More information about the Gnupg-users
mailing list