Archive of UserLand's first discussion group, started October 5, 1998.

Javascript in Mail

Author:Eric Soroos
Posted:2/21/2000; 9:59:21 AM
Topic:scriptingNews outline for 2/21/00
Msg #:15156 (In response to 15154)
Prev/Next:15155 / 15157

While you may like the concept of javascript in an email message, I think it is a grave privacy invasion if it anything in the email message is allowed to contact machines other than your local computer.

While your use was perfectly reasonable, there are some subtle things that can be done that are not so nice.

Scenario 1:

Large unnamed firm has a lot of click data on people, but they don't have their email addresses associated with the click stream. But they have some cookies. So, they send out a customized bulk email with an image ref for their servers. On hotmail and some other webmail systems this sends the browser's cookie along with it. Encode the address in the url, and poof, you've connected the two.

Scenario 2:

You want to know if a message has been opened. Javascript can be used to send you a request when the message is opened. I'm not sure about you, but I'm not really sure that I want anyone who sends me email to know that I've opened it, and from what computer. My friends maybe. J. Random Spammer, definately not.

Scenario 3:

Obnoxious uses for javascript. We've all seen the porn popup windows, and the browser windows that go full screen and kill the back button. I don't want that in my email, even from my friends.

And that's not even touching the nasty security bugs that seem to popup every so often in javascript, or the possible confusion of local/remote code that can happen when you're running these scripts from within your mailbox.


There are responses to this message:

This page was archived on 6/13/2001; 4:54:22 PM.

© Copyright 1998-2001 UserLand Software, Inc.