User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20061206 Firefox/22.214.171.124 Build Identifier: version 126.96.36.199 (20061207) An NNTP article includes an <IMG src="http://badsite/....jpg">. Thunderbird does not block the image (even though "Privacy/General/Block loading of remote images in mail messages" is checked). I assume thunderbird sent an HTTP request to badsite, and badsite now has (at a minimum) my IP address. This is a privacy/security problem. The 'Block loading of remote images' preference should also apply to NNTP. Reproducible: Didn't try Steps to Reproduce: I dont have access to a webserver to emulate the badsite. But try this: 1.Set the 'Block loading of remote images...' checkbox. 2.Create an NNTP article with an imbedded <IMG src=http://yourserver/...jpg> tag. 3.In thunderbird, read the article. Actual Results: I see the image. Expected Results: The yellow 'thunderbird has blocked images' message should appear. I have not tested this for RSS. I expect a similar problem.
This is a legit enhancement request so confirming, but this may be an explicit decision for news (I'm not a mail guy). In the meantime, for your own protection you can use the View menu to show message bodies as "Simple HTML" which will strip out all images regardless. Or even use "plain text" which is really what news should be anyway. Unfortunately the view setting is global, would be nice if it were per account.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to comment #1) > you can use the View menu to show > message bodies as "Simple HTML" which will strip out all images regardless. No, it doesn't, not by default. You can tweak to cause this behavior, however, by adjusting the pref mailnews.display.html_sanitizer.allowed_tags to either remove the "img(...)" part entirely, or remove the 'src' from the parenthesized list. > Unfortunately the view setting is global, would be nice if it were per > account. Per-folder: bug 233109
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 272984
You need to log in before you can comment on or make changes to this bug.