Bug 262386 - allow HTML by default
Summary: allow HTML by default
Status: REPORTED
Alias: None
Product: kmail2
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Ubuntu Linux
: NOR wishlist
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-07 09:43 UTC by Alexander van Loon
Modified: 2012-11-24 10:18 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander van Loon 2011-01-07 09:43:09 UTC 
Version:           unspecified (using KDE 4.5.90) 
OS:                Linux

I think HTML should be allowed by default, including loading external references from the Internet. KMail (4.6 beta 3) here is the only e-mail client I know of which is so paranoid to disable HTML by default, Evolution doesn't do it and never gave me trouble in this regard.

The following happened yesterday. I received a newsletter, which I thought was plain text because it looked okay (no HTML tags everywhere) and because I didn't get a warning that KMail wasn't showing the HTML (the warning in the box with the red lines). I didn't like the newsletter, but I didn't notice a link to unsubscribe from it. I complained with the customer service, who told me that there is a link in the message. I looked at the source and noticed the link and the fact that was an HTML message and not plain text.

Enabling the options 'Prefer HTML to plain text' and 'Allow messages to load external references from the Internet' in Settings > Configure KMail... > Security fixed this and made KMail display the newsletter correctly.

But I didn't file this bug report for an incidental HTML message for which KMail doesn't give it's usual warning that it isn't displaying it correctly. Even if the user does get the warning and sees a messages littered with HTML tags it's too intimidating. I'm not alarmed because I know about HTML and the reasons why it should not be allowed for security considerations, but my mother who is also using KMail does not. She was confused when she saw this happen and had to ask me for help, she doesn't know anything about HTML (and she doesn't read the explanations in the configuration dialog).

Let's face it, HTML messages are very common, all other e-mail client I know of display them by default, novice users are confused when KMail isn't displaying HTML even if it can be enabled to do so. And how serious is the security threat? Those who worry about security can always disable HTML, but for the sake of sane defaults, please enable these options by default.

Reproducible: Always
Comment 1 Torgny Nyblom 2011-01-07 12:43:55 UTC 
As for enabling Prefer HTML as default I might go along if enough users/devs agree but for the "load from internet" that is a no go.
Comment 2 Alex Wright 2011-07-14 10:33:14 UTC 
I think "Prefer HTML" as default is reasonable.

I'd like the option for "Allow external references for this sender".

I guess I should open another bug for that!
Comment 3 Laurent Montel 2011-08-05 07:48:58 UTC 
You can open an other bug, but not a bug a whichlist
Regards
Comment 4 Bernd Oliver Sünderhauf 2012-11-24 10:18:17 UTC 
I'd agree to Torgny:
"Allow external references for this sender" by default is an absolute no go securitywise.
But "Prefer HTML" is a sensible default for novice end users testing kmail. Most of them will compare kmail to Gmail, Outlook, or Thunderbird, determining if kmail does what they expect it to do. If it doesn't, they tend to abandon using kmail.
More tech-affine kmail novices on the other hand will be able to make an informed decision, so they're not the ones we need to cater primarily.