Email Security - Parse email body for malicious content

[Alan Wells]

Will getting the email body as plain text insure that there is nothing malicious left in it?  Or should the body content be parsed for something more?

var emailBody = thread.getPlainBody();//Get the email body as plain text

I'm creating a simple web app to view any emails that I don't want to click on to open.  Unfortunately, I might sometimes not know if an email is from a legitimate contact, or spam, or otherwise.  So, the web app will get the email body as plain text and show it in the web app.  That way I can read the email without opening it, or even clicking on it in any way.  Not even to click the check box.  Then the web app can move it to spam.

GmailApp.moveThreadToSpam(thread);

I know that one pixel transparent images can be put into emails, but not sure about anything else.

[Clark Lind]

I'm thinking that should be safe enough. If you truly want to be paranoid, you could split the string and just display the two parts concatenated.

[Alan Wells]

Emojis don't get taken out of plain text.  I have no idea whether they would be a security risk, but I found a way to strip them out.