It would be a nice feature to somehow optionally show plain text and html side by side as well.

I have mixed feelings on this one - one of the things I like about MW is it is effectively immune from HTML exploits in email. Therefore if this is done it would need to be done carefully, things to consider (in my opinion):-
- Which rendering engine to use? (Webkit, Gecko, Trident or other)
- How will it be patched/made safe (on a regular basis)?
- Should this be done by a button that will save the email as local HTML file then launch the default browser to render (i.e. defer responsibility for security updates to the browser). What about images/web bugs though?
- Should MW have a half-way rendering mode where it can render the TEXT within the HTML without rendering the full HTML?

I think WPF might use IE by default?! Chris mentioned that only showing it when it's legit - from a friend and good, or perhaps we could use the Benign engine to rewrite the html so it's plain html (doesn't contain scripts, strips out other crap).

I like this -- especially making use of the b9 engine to strip out any exploitable stuff!

I'd think it might be best to go another direction to get this to work. How about instead of trying to build HTML into MW it is instead set up to make a temp file that can be launched in the user's browser of choice. Adding options like B9 filtering would be good too.

For me running Firefox along with the CookieSafe, AdBlock and NoScipt extensions it would be reasonably safe, not sure how good it would be for an IE user.

I think html is already built in to wpf so it's trivial to display it. The event log preview pane is in html. I'm not sure if a different rendering engine is able to be swaped in?

If html is built into WPF I suspect it uses Trident as the rendering engine (http://en.wikipedia.org/wiki/Trident_(layout_engine) )? If so it may be as vulnerable as IE to exploits?
The idea of using b9 to remove scripts etc. may be good - will that also strip remote images (otherwise web bugs could be a concern)?

B9 will be part of MWP once the proxy stuff is sorted (I hope) so that seems to be an obvious approach to develop further. I would hope that the rendering config could allow some flexibility. For instance profiles could be built for different "grades" of msgs. Spam would obvious have a profile that strips anything remotely exploitable whereas msgs know to be good could have a profile that allows full html, perhaps even javascript, etc.?

I would never use this feature if it was included. One of the major benefits of MW for me is that I can view the message in "safe mode". There are just too many ways for HTML to be infected to take a risk on it.

As far as allowing that if the message is "good"... no filter is ever going to be perfect. I see MW flag way too many "bad" messages as "good".

I think this is a Really Bad Idea. If I really want to see an HTML message in its full glory... that's what my mail client is for.

Another thought... instead of having MW do the HTML formatting on a message, why not let a web browser do the "heavy lifting"? Provide an option to "view message in browser", of course allowing multiple browser selection (IE, Firefox, Opera, etc).

This would relieve MW of the responsibility of filtering bad stuff out of the message, and let the user select a browser that would presumably have protections like virus and malware detection built in.

What Kurtgs said. No thanks.

Rather than rendering the full HTML, it would be nice if it could switch to show a plain-text representation of the HTML in the message. Lots of times rich-text newsletters are sent where the text/plain content only says that you are using an unsupported mail client. If it could parse out the text/html content in the same way it treats the text/plain content then we could see the intent of the message even if it wasn't fully styled. That should make it safe from exploits.

I feel safe viewing suspicious email with plain text. If I want to take a chance, I will do it in my mail server. Please! Keep us SAFE!

You know, this and many other things have been stated as being 'good ideas' and 'could well be in a future issue', many including b9 directly into an actual Firetrust Email Client that does it all, over the years I've been associated with MailWasher (which are considerable), but none have come to fruition...

What Kurtgs said. No thanks, I think it is too dangerous to render HTML. But if you do include that please have a checkbox so we can disable this option.

Absolutely do NOT implement such a "feature". The prime purpose of MW is to safely screen email. Safe means text only. As soon as you start rendering HTML you are vulnerable - especially don't even THINK about using the virus magnet IE for rendering. Even having an "Off" switch is problamatic.

In addition, adding rendering is just feature bloat. MW is not an email client it is a SPAM filter. Rendering and viewing an entire message is the proper function of an email client.

Is it possible to run HTML as a sand box? If yes, could be interesting, but similar to a email client. I don't know if this feature is a must. I prefer more work to speed up Mailwasher, since it's slow in my machine.