| ▲ | chowells an hour ago | |||||||
The article addresses this, actually. Fetching any unsecured content is an attack vector. https://danq.me/2026/01/28/hsbc-dont-understand-email/#footn... | ||||||||
| ▲ | crazygringo an hour ago | parent [-] | |||||||
In this particular case, injecting content into the image to make someone read a false message doesn't seem possible. The pixel <img> tag has width and height set to one. This overrides whatever the image size is. No altered message will be readable. | ||||||||
| ||||||||