Richtext in Pseudo-mailing-lists #91
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-12-08#91
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The text prepended in pseudo-mailing-lists, "Message ostensibly from", causes the textEditInboxMessage qTextEdit widget to interpet all messages as text, due to QTextEdit::setText being used.
Possible fixes might be to use QTextEdit::setHtml() for all Broadcasts where the Address is in Subscriptions or Address Book, or when the first characters of the original body are "<html>" or "".
Currently this behavior is on purpose. It is unfortunately possible to imbed base64 encoded images right in the body of a message and have it show if you use setHTML. This makes me nervous because anyone could broadcast very inappropriate material over a pseudo-mailing list and it would display to all of the users.
When it comes to security I'd also say that enabling html by default -could- be used to spread inappropriate stuff and I am also thinking about stuff other than images, like scripts, iframes and similar.
A solution which worked okay for me was to implement an additional button that allows me to toggle between plain text and rich text display mode so I am in full control of what I want to see and what not. It kind of resembles the "Display images" button which some traditional email clients use. (See below)
Like I previously said to delicatebits (via Bitmessage :-) ) a 3rdparty client like walrus, which uses the official api could be a solution. That way users could still use the vanilla client while - on the other hand - being able to view richt content as well.
@Scopelabz Qt's richtext is based on a subset of html4, http://qt-project.org/doc/qt-4.8/richtext-html-subset.html, so scripts and iFrames shouldn't be a concern. What little testing I've done showed it wasn't possible to include remote files, either.
@Atheros1 You're right, a user can't trust the content of mailing lists like they can with regular broadcasts and person-to-person messages. I've submitted a pull request that I think addresses your concerns.
@delicatebits
Ah thanks for the info, I wasn't quite aware of that since I never used rich text stuff in Qt (I mostly develop headless software).
So this is all implemented in the Master branch on Github. Would anyone who has international characters in various places (like the time?) be able to test?
Adding
<br>
to the end of every line, L#4606 breaks formatting and embedded images.The date on the network status tab seems to be displayed correctly.
Thank you, I fixed L#4606