Breaking MIME concatenation
Patrick Brunschwig
patrick at enigmail.net
Thu May 17 10:24:59 CEST 2018
On 16.05.18 21:50, Lukas Pitschl | GPGTools wrote:
>
>> Am 16.05.2018 um 06:21 schrieb Patrick Brunschwig <patrick at enigmail.net>:
>>
>> Content-Type: mutlipart/mixed; boundary="WRAPPER"
>> Content-Description: Efail protection wrapper
>>
>> --WRAPPER
>> Content-Type: text/html
>>
>> <!-- > <PRE style="visibility: visible; display: block; font: fixed;
>> font-size: 10px;"> -->
>> <!-- '> <PRE style="visibility: visible; display: block; font: fixed;
>> font-size: 10px;"> -->
>> <!-- "> <PRE style="visibility: visible; display: block; font: fixed;
>> font-size: 10px;"> -->
>>
>> --WRAPPER
>> (result of PGP/MIME decryption)
>> —WRAPPER—
>
> Looks alright so far, does the same work for inline PGP? Is there
> a particular for the specific inline-styles?
At least in Enigmail, inline-PGP is not affected by remote URL calls.
The reason is that Enigmail reads the encrypted message data from the
displayed message, and then replaces the displayed message content with
the decrypted message. In other words, if the secretly to-be-decrypted
message part is not displayed, then Enigmail won't come into action.
> In macOS Mail we will disable remote content loading completely
> and prevent the user from re-enabling it for encrypted messages.
The same is currently being developed in Thunderbird (using the "Simple
HTML" mode), together with a clean fix for the DOM tree issues.
-Patrick
More information about the Gnupg-users
mailing list