On Thu, 19 Jan 2012 22:26:02 -0500, Aaron Ecay <aaronecay@gmail.com> wrote: > On Fri, 20 Jan 2012 00:21:08 +0100, Pieter Praet <pieter@praet.org> wrote: > > So, would I be right to assume MML tags in signatures are never > > evaluated to begin with? Otherwise, there would still be a security > > hole, no? > > I am thinking of MML tags that a user puts in their own signature. > If that case is a security hole, then the hole is in the user’s brain > and not in notmuch. :) > Ah, right... I didn't bother checking what the mark's position would be, so assumed we were talking about the signature in the *quoted* message. Won't happen again :) > -- > Aaron Ecay Peace -- Pieter