Dillo & Sylpheed Integration Patches

Current Working Pair:

  • Dillo CVS 2003-03-16 and newer
  • Sylpheed-Claws 0.8.11claws14 and newer


As of 2003-03-16, the CVS sources of Dillo no longer contain the security issue noted below. Thanks to Dillo's authors for the quick reaction.


Since version 0.7.0, Dillo has integrated the different patches (embedding, a modified version of local browsing and the fullwindow startup). So there is no need to patch Dillo anymore, but:

WARNING: Dillo 0.7.0 and newer have a bug that makes it load remote images even when it was launched with the SpamSafe (-l) command-line option, if the HTML text contains a <base href=…> element. You can find a patch against Dillo CVS sources here.

As of CVS version 0.8.11claws14, Sylpheed-Claws includes a Dillo plugin to allow inline viewing of HTML mail. The forthcoming public release 0.8.12claws will include it officially. So there is no need to patch Sylpheed-Claws anymore.


As of 2003-02-06, Sylpheed-Claws does not yet include the patches to use Dillo as an integrated HTML viewer. Nevertheless, it is planned that Sylpheed-Claws 0.8.11 will be able to use Dillo officially for HTML mail. Until then, the patches concerning Sylpheed-Claws provided in this page are still needed.

When using Dillo version 0.7.0, which already integrates the slightly modified patches, the HTML mail is viewed in a safe manner by not following the links it includes (screenshot: initial message view), until the user hits the reload button, in which case the HTML mail is reloaded completely, possibly showing remote resources, i.e. the links are followed (screenshot: message view after hitting the reload button).

Note: The rest of this page and the screenshots it shows concern Dillo versions patched with the patches found on this site and not Dillo 0.7.0 (and newer).


The Embeddable Dillo, Local Browsing and Full Window Startup patches originally served the purpose of adding HTML mail viewing that is as safe as possible to the Sylpheed-Claws mail client. The three patches were merged into a single patch and Sylpheed-Claws was modified to automatically launch Dillo with the -f -l -xid XID %f arguments, where %f denotes the HTML part of an email. This results in a safer and more comfortable way to view such insecure messages. Here is a picture of what it looks like on a SPAM HTML mail. After double-clicking on the window to toggle off the full window mode and to see what the status bar shows if there is an attempt to connect to a remote host when using the local browsing option, you can see this same SPAM HTML trying to connect to a remote host. Only one comment: thanks to Dillo, Sylpheed and these patches, you can securely see such mails. At least, I hope!

2002-10-14: With the newer Dillo patch it is possible to switch the local browsing only mode (offline) on and off inside Dillo. This will allow reloading a current HTML mail after allowing access to the Internet.

IMPORTANT: 2002-11-01: I found in some mailing list message that spammers could use DNS lookups to check if their message was read or not by supplying a unique non-existent address, e.g. 123456.the.spam.com, and by checking their DNS server log. The Dillo patch does not provide protection against this, because the DNS lookup is done even when "offline" browsing is enabled, to test whether the link resolves to a localhost address (127.*.*.*). I currently don't know of any simple way to test without DNS lookup whether an address is the address of the localhost.
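
One conservative way to avoid the lookup, shown as an added example (it is not part of the Dillo patch or of the original page): accept only the literal name localhost and IP literals in 127.0.0.0/8 or ::1 as local, and treat every other name as remote without resolving it. The function name host_is_local_no_dns is hypothetical, and the trade-off is that other names mapped to the loopback address in /etc/hosts are refused.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not Dillo code): returns 1 only if `host` can be
 * proven to be the local machine from its text alone, 0 otherwise.
 * No resolver call is made, so no DNS query can leak to a remote server. */
int host_is_local_no_dns(const char *host)
{
    struct in_addr a4;
    struct in6_addr a6;
    char buf[64];
    size_t n;

    if (host == NULL || *host == '\0')
        return 0;
    n = strlen(host);

    /* The literal name "localhost", with or without the trailing root dot. */
    if (!strcasecmp(host, "localhost") || !strcasecmp(host, "localhost."))
        return 1;

    /* inet_pton() only parses text; it accepts strict dotted quads, so
     * short forms such as "127.1" are rejected rather than guessed at. */
    if (inet_pton(AF_INET, host, &a4) == 1)
        return (ntohl(a4.s_addr) >> 24) == 127;   /* 127.0.0.0/8 */

    /* IPv6 literal, optionally in URL-style brackets: only ::1 is local. */
    if (host[0] == '[' && host[n - 1] == ']' && n - 2 < sizeof buf) {
        memcpy(buf, host + 1, n - 2);
        buf[n - 2] = '\0';
        host = buf;
    }
    if (inet_pton(AF_INET6, host, &a6) == 1)
        return IN6_IS_ADDR_LOOPBACK(&a6) ? 1 : 0;

    return 0;   /* any other name is treated as remote, unresolved */
}

int main(void)
{
    /* Constructed sample hosts; the second is the page's tracking example. */
    const char *hosts[] = { "127.0.0.1", "123456.the.spam.com", "[::1]", "127.1" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-22s -> %s\n", hosts[i],
               host_is_local_no_dns(hosts[i]) ? "local" : "blocked");
    return 0;
}
```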


Note: Download and apply the patches only if you know what you are doing. These are experimental patches for developers and not really intended for end-users. If you don't know how to apply them, chances are you don't want to use them. HTML mail is interesting but it opens a can of worms. The Sylpheed-Claws patch is virtually the can of worms. All suggestions welcome.


The all-in-one patch for Dillo 0.7.0pre-v1 is here: dillo-0.7.0-pre-v1-cli-local-fullwindow-xid.patch. You'll need to run at least automake.


The Sylpheed-Claws 0.8.5claws54 patch is here: sylpheed-0.8.5claws54-dillo.patch. Compared to the older patch, this patch just adds "-dillo" to the version string. autogen.sh should be rerun.


The new all-in-one Dillo patch that allows in-session offline toggling is here: dillo-cvs-2002-10-14-cli-local2-fullwindow-xid.patch. This patch modifies src/Makefile.am and adds two new files, so you may need to run at least automake.


The Sylpheed-Claws 0.8.3claws32 patch is here: sylpheed-0.8.3claws32-dillo.patch.


This patch contains all the following patches: command line options, local browsing, fullwindow start and embeddable Dillo. It applies cleanly on Dillo cvs 2002-08-13. You can get it here: dillo-cvs-2002-08-13-cli-local-fullwindow-xid.patch.


This patch contains all the following patches: command line options, local browsing, fullwindow start and embeddable Dillo. It applies cleanly on Dillo cvs 2002-08-06. You can get it here: dillo-cvs-2002-08-06-cli-local-fullwindow-xid.patch.

The Sylpheed-Claws 0.8.1claws28 patch is here: sylpheed-0.8.1claws28-dillo.patch.


The single patch of the merged features for Dillo is here: dillo-cvs-2002-05-18-xid-local-fullwindow.patch

The can of worms for Sylpheed-Claws 0.7.6claws4 is here: sylpheed-0.7.6claws4-dillo.patch. (The 4 in claws4 is the cvs-Claws version; the patch should apply to the released 0.7.6claws, too.)

