[EMAIL PROTECTED] (Gordon Burditt) writes: >>HTML is designed to degrade gracefully (never mind that most web >>authors and many browser developers don't seem to comprehend this), so >>you don't really need a "subset" html to get the safety features you >>want. All you need to do is disable the appropriate features in the >>HTML renderer in your news and mail readers. JavaScript, Java, and any >>form of object embedding. Oh yeah, and frames. > > And links. And cookies. And any kind of external site or local > file access. And browser history.
That depends on whether you're trying to keep an HTML message from doing anything nasty (like revealing that you read it) when you render it, or to make sure it *never* does anything nasty, no matter what you do with the message. If all you want is the former - which is what the OP asked for, and I was replying to - then nothing on the list you gave is required. Some of the things you list are a danger even without HTML; most modern news/mail readers will follow links in flat ascii. <mike -- Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. -- http://mail.python.org/mailman/listinfo/python-list