> On 15.05.2018 at 17:44, Patrick Brunschwig <patr...@enigmail.net> wrote:
> 
> I already tried a while ago to trick the Thunderbird HTML rendering
> engine with tricks like this... They don't work. The rendering engine
> ignores the </html> tag (and also tags like </body>).
> 
> I think the correct solution must be to treat each MIME part
> independently, i.e. it needs to be parsed independently by the HTML
> engine and produce its own DOM tree. At the end, you can concatenate
> these DOM trees and create a single correct HTML document.

I have also already tried to implement a similar fix for Apple Mail a few
days ago, using <!--" <!-- --> which did work, but is probably too naive an
attempt to mitigate these XSS-kind of attacks.

So I absolutely concur with Patrick's statement that the MIME parsers have
to be adjusted to treat every text/html part as a single DOM tree, or even
use different web document instances to represent the message.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
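
The per-part parsing proposed in this message, as an added sketch that is not code from Thunderbird, Enigmail or Apple Mail: every text/html part gets its own parser and is closed at the part boundary before the fragments are joined. PartTree, html_parts, render and build_sample are hypothetical names, Python's html.parser stands in for a real HTML engine, and the three-part message is constructed sample data.

```python
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}

class PartTree(HTMLParser):
    """Parses ONE text/html part and re-serializes it as a closed fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.attr_values = [], [], []
    def handle_starttag(self, tag, attrs):
        self.attr_values += [v or "" for _, v in attrs]
        pairs = "".join(' %s="%s"' % (escape(k), escape(v or "")) for k, v in attrs)
        self.out.append("<%s%s>" % (tag, pairs))
        if tag not in VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        while tag in self.stack:          # stray closers (</html>, </body>) are ignored
            top = self.stack.pop()
            self.out.append("</%s>" % top)
            if top == tag:
                break
    def handle_data(self, data):
        self.out.append(escape(data))
    def finish(self):
        self.close()                      # flush anything the part left dangling
        while self.stack:                 # close open elements at the part boundary
            self.out.append("</%s>" % self.stack.pop())
        return "".join(self.out)

def html_parts(msg):
    return [p.get_content() for p in msg.walk() if p.get_content_type() == "text/html"]

def render(bodies):
    """Each item of `bodies` gets its own parser; fragments are joined afterwards."""
    html, attrs = [], []
    for body in bodies:
        tree = PartTree()
        tree.feed(body)
        html.append(tree.finish())
        attrs += tree.attr_values
    return "".join(html), attrs

def build_sample():
    """Constructed message: part 1 leaves an attribute open, part 3 closes it."""
    msg = EmailMessage()
    for body in ('<p>Hello</p><span title="', "<p>SECRET-BODY</p>", '">tail</span>'):
        msg.add_attachment(body, subtype="html", disposition="inline")
    return msg
```

render(html_parts(msg)) is the isolated rendering; render(["".join(html_parts(msg))]) reproduces the single-document behaviour, where the text of the middle part ends up inside the title attribute opened by the first part.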
