digitalecartoons
Posted August 25, 2007

I'm having my mailforms send as plain text mail without the use of htmlentities. As my mail reader I'm using either:

webmail (squirrelmail), which processes them with htmlentities itself anyway, so even if it is displayed as "plain text", it's actually shown as html but with html entities in the "source", so tags/scripts in the message are shown as their original characters without the danger of them being executed

or:

Thunderbird, which shows plain text always as plain text, not as html (that's true, isn't it?), so any tags/scripts aren't executed anyway.

Am I now protected enough against xss attacks?

MadTechie
Posted August 25, 2007

If you're viewing as plain text you're fine... from XSS

digitalecartoons
Posted August 26, 2007

Can you name any email readers which by default show even plain text mails as html view, or have the option to do so?

This topic is now archived and is closed to further replies.
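
The two cases discussed in this thread, as an added example that is not code from any of the posters: the form mail is sent with an explicit `text/plain` content type, and a web-based reader escapes the body at output time, as the first post describes squirrelmail doing. The function names, addresses and sample message are constructed for illustration, and the From address is assumed to be a fixed site address, not a form field.

```php
<?php
/**
 * Headers that declare the body as plain text. A mail reader picks its
 * renderer from the Content-Type, so state it explicitly.
 * $from is assumed to be a fixed site address, not user input.
 */
function plain_text_headers(string $from): string
{
    return implode("\r\n", [
        'From: ' . $from,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: 8bit',
    ]);
}

/**
 * What a web-based reader has to do before placing a plain-text body
 * inside an HTML page: escape it when it is written out.
 */
function render_body_for_web(string $body): string
{
    $escaped = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre>' . $escaped . '</pre>';
}

// Constructed form submission that contains markup.
$message = "Hello,\n<script>alert(1)</script>\nRegards";
$headers = plain_text_headers('form@example.com');

// Sending: the body goes out unmodified, labelled as text/plain.
// Left commented out so the example runs without a mail server.
// mail('owner@example.com', 'Contact form', $message, $headers);

echo $headers, "\n\n";

// Display in a web page: the tags arrive as &lt;script&gt;... and are
// shown as characters by the browser, not interpreted.
echo render_body_for_web($message), "\n";
```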