digitalecartoons
Posted August 25, 2007

I'm having my mailforms send as plain text mail without the use of htmlentities. As a mail reader I'm using either:

webmail (squirrelmail), which processes them with htmlentities itself anyway, so even if it is displayed as "plain text", it's actually shown as html but with html entities in the "source", so tags/scripts in the message are shown as their original characters without the danger of them being executed

or:

Thunderbird, which shows plain text always as plain text, not as html (that's true, isn't it?), so any tags/scripts aren't executed anyway.

Am I now protected enough against xss attacks?

MadTechie
Posted August 25, 2007

If you're viewing as plain text you're fine.. from XSS

digitalecartoons
Posted August 26, 2007

Can you name any email readers which by default show even plain text mails as html view, or have the option to do so?
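
Added example, not part of any post in this thread: a PHP sketch of the setup the thread describes, where the form mail is sent as text/plain without htmlentities and escaping happens only at the point where a web-based reader places the body into an HTML page. The addresses, subject, function names and sample message are assumptions constructed for illustration.

```php
<?php
// Added example: all addresses and form data below are constructed placeholders.

// Build a plain-text mail from a form message without entity-encoding the body.
function build_plain_text_mail(string $to, string $message): array
{
    $headers = [
        'From: webform@example.com',
        'MIME-Version: 1.0',
        // Declare the body as text so the reader has no reason to treat it as HTML.
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: 8bit',
    ];

    // Normalise line endings to CRLF, as mail bodies expect.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $message);

    return [
        'to'      => $to,
        'subject' => 'Contact form message',
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

// The step a web-based reader has to perform before putting the body into its
// own HTML page: encode markup characters so tags are displayed, not interpreted.
function render_body_for_web(string $body): string
{
    return '<pre>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed form submission containing markup.
$submitted = "Hello,\n<b>bold?</b>\n<script>alert(1)</script>";

$mail = build_plain_text_mail('owner@example.com', $submitted);

// To actually send it:
// mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);

// What goes on the wire: the raw characters, labelled as text/plain.
echo $mail['headers'], "\r\n\r\n", $mail['body'], "\r\n\r\n";

// What a web-based reader should emit into its page.
echo render_body_for_web($mail['body']), "\n";
```

The mail itself carries the raw characters; whether they are safe depends on the reader honouring the text/plain label or escaping at display time, which is the behaviour the first post attributes to its webmail and to Thunderbird.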