Open Bug 1798472 Opened 3 years ago Updated 3 years ago

Implement a pref in Thunderbird, that allows to enforce that forwarding inline and quoting use plain text or simple html

Categories

(Thunderbird :: Message Compose Window, enhancement)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

I suggest that we change how Thunderbird quotes other messages.

When keeping styles from an original message, those styles can cause weird effects on the new message, some effects could even be rated as security issues.

I suggest that we always reduce the quoted message parts to either plain text, or to simple html, and remove all CSS styles.

This would affect:

  • reply
  • forward inline
  • in compose window: edit / paste as quotation
  • in compose window: options / quote message

In my opinion, when quoting a message, the important part is the text. You're quoting, because you want to indicate the text to which your new message refers.

If you really need someone else to see the original message with all its styling, you can use "forward as attachment".

(While there are ideas to reduce today's issues with quoted styles (e.g. bug 1731198), they aren't simple to do. Should bug 1731198 ever get a decent and complete implementation, we could reconsider.)

This is probably a controversial suggestion. After discussing this briefly with Andrei, he is worried that this simplified display of quote content could be perceived by many users as "worse", and that the argument ("it's protecting you") may not be convincing.

So instead of enforcing it, maybe it should be offered optionally.

How could this be offered in a helpful and easy way, in all of the described scenarios?
Should it be interactive, to allow users to discover this mechanism to get a protection layer?
Or should it be only a hidden pref?

Here is another idea:

Whenever we'd do quoting today, do NOT insert the quoted text immediately.
Rather, display a notification, which gives options, which I'd describe as:

  • Quote original message WITH full formatting (pretty but has risks)
  • Quote original message as simple html or plain text (safe but possibly ugly)
  • Do not quote original message at all

If any of you wants to see what a quoted "simple html" would look like, you could do this:

  • find an email with styling
  • with default settings, hit reply, and you should see the quoted message with the same layout as the original message
  • close composer
  • use the menu: view / message body as / simple html
  • hit reply
  • you should see the quoted message without styling, in a simpler version

We already have a per account setting not to quote the message: Account Settings | Composition & Addressing | Automatically quote the original message when replying.

If someone thinks there is any risk, they can untick that option.
In reality, the risks are IMHO rather tiny. Sure you can play some trick on someone you know. But it always leaves an explicit tail of what happened, which is a pretty good deterrent for an attacker.

It's not yet clear what we will do in general (or if we will adjust the default behavior at all).

Let's start with a small step, which I've added in bug 1799480, I believe that suggestion shouldn't be controversial.

See Also: → 1799480

In the meantime I've learned that the risks, that motivated me to file this bug, are pretty well known already, see bug 1688659, and especially bug 1688659 comment 5.

(In reply to Magnus Melin [:mkmelin] from comment #2)

> We already have a per account setting not to quote the message: Account Settings | Composition & Addressing | Automatically quote the original message when replying.
>
> If someone thinks there is any risk, they can untick that option.

I think "not quoting at all" isn't a helpful solution.

If there isn't consensus for enforcing the use of stripped html when replying, it would be good to start offering this behavior as a pref. It could be a new pref, independent of the display pref (view message as).

I think it makes sense to have replies (and forwarding) by default use the same approach as the display mode. (And bug 1799480 is a scenario in which I think we're currently inconsistent.)

However, there might also be users who prefer to see emails in their original state (view message body as original html), but who would prefer to reply in a way that has fewer risks. An independent pref which chooses "always reply using" either "original html" or "simple html" or "plain text" would give users that choice.

Summary: Replying in Thunderbird, forwarding inline and quoting should use plain text or simple html, only → Implement a pref in Thunderbird, that allows to enforce that forwarding inline and quoting use plain text or simple html
See Also: → 1799482
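
As an added illustration (not Thunderbird's code and not part of this bug), the three "always reply using" choices from the last comment can be modelled as an allow-list reducer applied to the quoted body before it is inserted into the compose window. The function name `reduce_quote`, the tag allow-list, the permitted link schemes and the sample message are all assumptions constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for "simple html"; not Thunderbird's actual list.
ALLOWED = {"p", "br", "b", "i", "em", "strong", "u", "blockquote",
           "pre", "ul", "ol", "li", "a"}
DROP_CONTENT = {"style", "script", "head", "title"}  # element and its text are discarded
BLOCK = {"br", "p", "div", "li"}                     # become line breaks in plain text
SAFE_SCHEMES = ("http://", "https://", "mailto:")    # assumed link policy

class QuoteReducer(HTMLParser):
    def __init__(self, mode):
        super().__init__(convert_charrefs=True)
        self.mode, self.out, self.skip = mode, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif self.skip:
            return
        elif self.mode == "plain":
            if tag in BLOCK:
                self.out.append("\n")
        elif tag in ALLOWED:
            # Every attribute (style, class, on*) is dropped; only a safe href survives.
            href = (dict(attrs).get("href") or "").strip()
            if tag == "a" and href.lower().startswith(SAFE_SCHEMES):
                self.out.append(f'<a href="{escape(href, quote=True)}">')
            else:
                self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and self.mode == "simple" and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data if self.mode == "plain" else escape(data))

def reduce_quote(html_body, mode="simple"):
    """mode is 'original', 'simple' or 'plain', mirroring the proposed pref values."""
    if mode == "original":
        return html_body
    parser = QuoteReducer(mode)
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out).strip()

# Constructed sample message body (not taken from the bug).
SAMPLE = ('<head><style>.h{display:none}</style></head>'
          '<p class="h" style="color:#fff">Pay <b onclick="x()">today</b></p>'
          '<div style="position:absolute"><a href="https://example.com/" '
          'style="font-size:0">terms</a><img src="https://example.com/p.png"></div>')
```

An unclosed `<style>` or `<script>` causes everything after it to be dropped, so malformed input fails towards less quoted content rather than more.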