Have you guys tested RoundCube for XSS vulnerabilities, for example using this list? http://ha.ckers.org/xss.html
Is it possible to completely disable the display of HTML messages in the web interface (ie make sure that HTML parts are only available as "Content-Type: attachment" http streams)?
Cc pls ;) _______________________________________________ List info: http://lists.roundcube.net/dev/