June 9, 2015
6:02 a.m.
On 2015-06-08 7:52 AM, Barry Warsaw wrote:
On Jun 08, 2015, at 02:13 PM, Abhilash Raj wrote:
Postorius just queries the core via REST API the for the message and dumps the message code in the "View". Probably we need to identify if the message contains a text/html part and then render that appropriately.
Although we do have to be careful not to provide a vector for malware attacking list admins.
Indeed. We should use a known parser to defang anything we re-display and absolutely positively not write a new one. There's probably something suitable in django already.
Terri