I have Done a Html format Email system…
So over there I can able to send email In html format..With internal CSS
Now I have done same with external bootstrap CSS..
over there CSS is missing. Hence I am using an External bootstrap css
this is my external css link
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
However external bootstrap CSS is loading when I run it as an Html page.
But its not working In Email
Please suggest me regarding this..
3
Answers
For more email template guidelines : http://earthintegrate.com/guidelines-for-creating-an-html-email-template/
Good Luck !
Srivin Prabhash
Gmail will strip everything in the
<head>
, that’s just how they made it.What you can do is to use a service like mailchips inline-css generator, to make all of the inline codes for you.
The reason for blocking external CSS is that it provides the same tracking ability that tracking pixels do – a given email is requesting data from a remote server in order to be able to render the page. Thus, no reasonable email client is going to allow you an uncontrolled CSS external link.
This abuse of CSS can be taken to the length of a complete CSS Keylogger which was discussed at length in Mike Gualtieri’s post.
Quoting Mike:
The CSS Exfil attack centers around the CSS ‘value selectors’, which can be used to parse HTML tag attribute data.
This simple example demonstrates how these selectors can be abused:
In the above example, when the HTML/CSS is rendered in a web browser, a background image is loaded on a remote host controlled by the attacker, indicating the value of the input is ‘mikeg’. To make the attack more useful, additional text parsing is required. Below are several proof of concept exploits demonstrating the variety, scope, and severity of potential attacks.
As mentioned in this Hacker news thread, it is prudent to leave password inputs completely uncontrolled, i.e. let the browser do its normal thing for updating the DOM based on user input.