Forum: Ruby on Rails Javascript call in mail Url

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
3ee0b4f4c0585f8a960a982478179469?d=identicon&s=25 Raudra (Guest)
on 2014-07-31 14:05
(Received via mailing list)
I want to implement a javascript call in callback mail. There is any way
to
do this ..
Answer will be appreciated ,thanks
4c6bde00168d595053c09aac7e487f8e?d=identicon&s=25 Colin Law (Guest)
on 2014-07-31 14:49
(Received via mailing list)
On 31 July 2014 12:39, Raudra <raudra.pratap@strata.co.in> wrote:
> I want to implement a javascript call in callback mail. There is any way to
> do this ..

Can you explain what you mean by 'callback mail'?

Colin
A47e0a6beeb9d048ff054fc1c3a97418?d=identicon&s=25 Walter Davis (walterdavis)
on 2014-07-31 16:01
(Received via mailing list)
On Jul 31, 2014, at 8:47 AM, Colin Law wrote:

> On 31 July 2014 12:39, Raudra <raudra.pratap@strata.co.in> wrote:
>> I want to implement a javascript call in callback mail. There is any way to
>> do this ..
>
> Can you explain what you mean by 'callback mail'?
>
> Colin

Also, if you expect a JavaScript to execute in a mail client (Outlook,
Gmail, Mail.app) you will be waiting a very long time. That door is
bolted securely shut for very good reason.

Walter
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2014-08-01 01:24
Walter Davis wrote in post #1153927:
> On Jul 31, 2014, at 8:47 AM, Colin Law wrote:
> Also, if you expect a JavaScript to execute in a mail client (Outlook,
> Gmail, Mail.app) you will be waiting a very long time. That door is
> bolted securely shut for very good reason.

If I'm not mistaken this is also true for most web based mail apps
running in browsers. Running JavaScript from user provided input (i.e.
the HTML email body) would very much open up the email viewer page to
XSS attacks. I'm quite sure the web mail clients would aggressively
strip all JavaScript from the contents of the email.
A47e0a6beeb9d048ff054fc1c3a97418?d=identicon&s=25 Walter Davis (walterdavis)
on 2014-08-01 04:23
(Received via mailing list)
On Jul 31, 2014, at 7:24 PM, Robert Walker wrote:

> strip all JavaScript from the contents of the email.
That's what I meant by adding Gmail in there. I forgot about the native
Gmail client on iOS, so that was ambiguous. This goes all the way back
to Hotmail before MS bought it. Even though the browser can run JS, they
would be mad to let you do that to yourself without really aggressive
sanitization.

Walter
This topic is locked and can not be replied to.