Comment by fc417fc802

I never claimed email clients were uniform (that would obviously be incorrect). I responded to "too much security surface area" with "browsers seem to manage it". The security is clearly a solvable problem because we all use the solution every day.

In your analogy, different email clients equate to different products (ie websites). I agree that it's a headache for users. My point was that it's not an unsolvable security issue but rather an unsolvable lack of agreement about what should and shouldn't be included in a rich text representation, or if email should even use rich text at all for that matter.