> I think the moral here is that a secure messenger should not execute inherently insecure code (i.e.complex code) on behalf of entities that are not really well trusted by the user. The default should be always plain text.
Whattsup and co, are very happy to execute untrusted code: images displayed in messages, websites fetched and rendered. Basically a bad actor's wet dream.
Whattsup and co, are very happy to execute untrusted code: images displayed in messages, websites fetched and rendered. Basically a bad actor's wet dream.