Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I was wondering how, or if it is even possible, to embed a javascript button in my gmail signature?
You can't. Or at least, I really, really hope you can't.
Javascript does not belong on e-mails. If it did, then people could receive nightmarishly evil emails that open an infinite number of alerts, redirect them to an offsite page, read your emails and your contact list, and so on. There are too many security repercussions of allowing Javascript inside of e-mails.
For this reason, gmail blocks javascript inside of emails, as any respectable e-mail client should.
Html emails shown in browser email clients will be stripped of all javascript so you can try but it won't work. Other clients such as outlook (which uses MS Word to render the html) also strip (or ignore?) the javascript. It's a vulnerability to allow it.
Think of this scenario: javascript on a page has full access to make ajax calls. You could use JS to iterate through all your emails and contacts etc and then send them on to a foreign server.
Allowing JS to run in emails would be the equivalent of allowing XSS.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
How should I solve the e-mail privacy issue on the webpage, so it is not displayed in plain text in HTML code?
Malicious bots scrape the web in search of email addresses and plain text email addresses are more likely to be spammed.
A number of ways that you can do this:
spell the email out 'info at domain dot com'
create an image of the email address
use a contact form with additional anti-spam measures such as captcha
Unfortunately. most of these methods make it difficult for end users (especially the first two)
I would say the best way is to require the user to solve a CAPTCHA of some kind, and then when they succeed you should give them the email in plain text.
In particular, this allows users to copy-paste it into their email client, without the risk of mis-typing. Additionally, with the right CAPTCHA, this allows users with disabilities to contact you as well.
That said, you can keep your address completely hidden by having a contact form. In this way, it will be your server sending you the email on behalf of the user, and they will only ever know your address if you reply to them.
Quite a common method is to create an image with the email text within it.
Algorithms to read text from an image are a lot more complex (and error prone) than simple web scraping ones!
Edited to expand to include the details given in the comments.
It's important that this work be done server side, any manipulation done in javascript is likely to include the email address somewhere in the page's source - which any web scraper will have access to. Better to include an image with no reference to the image at all in it's url.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
How can I make a web app in Go?
Is there a way I can interchangeably use Go code and HTML like with PHP and HTML?
More specifically, what I want to know is how to get my PrintLn output to show in a web browser and how to accept input from HTML form fields?
You can't embed Go & HTML (for many, many reasons) but you can use Go's html/template package (http://golang.org/pkg/html/template/) to generate a HTML page from your HTTP handlers.
I'd suggest reading http://golang.org/doc/articles/wiki/ and using http://www.gorillatoolkit.org/ (routes, cookies, etc) for the web server side
You need to setup a web server in go and process http request/response as input/output. There is already an answer about go web frameworks which would be helpful. link
If you don't want your ui to show in a browser window, you will have to bind your own html engine. For that purpose you can look at ui frameworks like walk which has ie based webview builtin or engine bindings like go-webkit which builds a custom webview.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
Talking about html forms, does the html obfuscation really works?
Some post on SO says it's really a loss of time, because a talented "hacker" will always find the way to access your form fields (ex. associating Labels to inputs).
Has anybody implemented obfuscation and actually suffered an attack?
I would like to have your opinion about this subject.
Thank's in advance.
Obfuscation can't prevent any hacking, at it's best it's slowing down the process.
Especially with forms - the attacker can just take a look into his webconsole, examine your requests and then forge his own request accordingly.
The only real secure method is checking every incoming request serverside, since your server (hopefully) can't be compromised.
Thus, obfuscating HTML just proves that the author "is a noob" for trusting such a method.
You don't need to be a "talented hacker" to see the HTML source un-obfuscated. It's enough to know how to install a browser e.g. Chrome and use the code inspector. The code inspector presents a nice formatted HTML in any case – since it reads in the DOM, not some mangled raw text.
HTML obfuscation is an obstacle of which I do not see any benefits.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
MY code creates an email that has the text <h1>google.com</h1> in the body of the email. When I take a look at the email that is sent, it shows google.com as a link. Is there a way to tag it as not a link but just text via html?
Thanks!
This is almost always done by the client and will be dependent on on how the client decides what is and is not test. Similar issues occur with emails that with text such as "please discuss with jessica#accounting" where it's parsed as an email address.
The typical solution is to use html entities for text that shouldn't get parsed by the client. Using your example:
<h1>google.com</h1>
I would, however, consider the idea that if something is actually a URL, whether you intended it to be a hyperlink or not, letting the client do what it does, as the user may be accustomed to this feature and like clicking on any url in the body to open it.
If its really an issue, you could always make it an image. i.e Make gif/jpeg with the string "google.com"
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have designed an HTML page which I will send out as an email.
I have never sent an HTML email before and need some pointers.
Do you literally just send the code in the body of the email?
What is the best way to attach images?
I have tried Google but haven't found anything that helpful, answers on here are always more informative!
I'm slightly unsure how the whole process works!
Thanks!
Do you literally just send the code in the body of the email?
No.
Rewrite the HTML and CSS to account for the many limitations of various HTML capable email clients and webmail systems.
Create a plain text alternative
Construct a multipart MIME email with the HTML and Text versions as alternate parts
The Campaign Monitor: Resources section has a lot of useful information.
What is the best way to attach images?
Generally speaking, link to external images. Otherwise the email file sizes will be huge.
If its a normal HTML Mailer then yes, you just simply put everything inside the tags inside, and attach images as you normally would using the .
When the user recived the email, if not in the trusted list, it wont load the images, and will ask the user if he/she wishes to load the remote images.
Hope this helps :)