GNOME Bugzilla – Bug 769388
Add option to not display Content-Disposition:inline parts
Last modified: 2020-02-06 16:33:36 UTC
Created attachment 332482: Toggle display of inline content via preferences. (vs RHEL6 evolution-2.32.3-36.el6)

Description of problem:
Evolution will automatically render content with Content-Disposition: inline when previewing an email. As the user is not in control of the mails arriving in their mailbox, this automatic rendering is a possible attack vector. The attached patch adds an option "Display inline content" to the Mail Preferences General tab so that she can disable the automatic rendering of inline content. The option is set to true by default so as not to change current behaviour. Note that the option string is lacking a (hot key) underscore and translations.

Version-Release number of selected component (if applicable):
RHEL/CentOS 6: evolution-2.32.3-36.el6
Thanks for the bug report and patch. I adapted it to current sources and made some changes; mainly, I skipped the UI part of the patch, due to the lack of a good non-techy description of the option. That means that the option is rather hidden. It can be read using, for example:

$ gsettings get org.gnome.evolution.mail display-content-disposition-inline

and it can be changed with

$ gsettings set org.gnome.evolution.mail \
display-content-disposition-inline false

Created commit a48c080 in evo master (3.21.90+)
Removing the option from the preferences window sort of defeats the purpose. Users do not usually look for configuration options that are hidden. Only a few users will be aware of the option and use it. I would think having to set an option using gsettings is more of a barrier to non-techy users than having an option in a preferences window with a somewhat cryptic description. (Otoh, how cryptic is the sentence "Display inline content" really? Perhaps changing it to "Automatically display inline content" clears it up a bit.)

I would suggest adding the UI config option back in and working in the translations as they are provided.

A non-technical description could be: The option "Display inline content" can be toggled off to block the automatic rendering of content that is tagged with Content-Disposition: inline. Disabling automatic rendering of content protects against adversaries trying to exploit vulnerabilities in local libraries by sending specially crafted files. Compare https://rhn.redhat.com/errata/RHSA-2016-1547.html .
There are a couple of "issues" involved, like:

a) the cryptic option description, as noted above
b) the idea of not having too many options in the UI (which I do not like, as there are many other good options missing from the UI after this decision)
c) the term "inline content" is ambiguous. While you refer to parts with Content-Disposition:inline, the usual "inline content" means images inside HTML, or even inline GPG signatures/encrypted blocks.

I know that gsettings is not ideal, but it's the way it is done these days. A compromise can be to write a FAQ entry or a user documentation section about this option (and possibly also other hidden options) with a nice description.
(In reply to Milan Crha from comment #3)
> There are a couple of "issues" involved, like:
>
> a) the cryptic option description, as noted above

Perhaps you can come up with a less cryptic description?

> b) the idea of not having too many options in the UI (which I do not like, as
> there are many other good options missing from the UI after this decision)

How about adding an extra tab for "advanced options"? Hiding configuration options seems like a poor idea to me. In every case.

> c) the term "inline content" is ambiguous. While you refer to parts
> with Content-Disposition:inline, the usual "inline content" means
> images inside HTML, or even inline GPG signatures/encrypted blocks.

How about:

Automatically display Content-Disposition: inline

or

Automatically display parts with Content-Disposition: inline

> I know that gsettings is not ideal, but it's the way it is done these
> days.

See my remark at b).

> A compromise can be to write a FAQ entry or a user documentation section
> about this option (and possibly also other hidden options) with a nice
> description.

Where should such documentation be submitted?
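To make the behaviour under discussion concrete, here is an added example (not Evolution's code, and not from any commenter) that models the effect of the display-content-disposition-inline setting on a constructed MIME message: parts tagged Content-Disposition: inline are only auto-rendered when the setting is true, parts tagged attachment never are. The exact rendering rules are assumed, not taken from Evolution's source.

```python
# Added example: model the "display-content-disposition-inline" policy over a
# constructed MIME message. This is NOT Evolution's code; the rendering rules
# below are assumptions chosen to illustrate the option discussed in the bug.
from email import message_from_string
from email.message import Message

# Constructed sample mail: a text body, an inline PDF (the attack vector from the
# bug description) and an explicit attachment. Base64 bodies are short dummies.
SAMPLE_MAIL = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hello.
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: inline; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1
Content-Type: image/png; name="photo.png"
Content-Disposition: attachment; filename="photo.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def parts_to_render(msg: Message, display_inline: bool) -> list:
    """Return (filename or content type, disposition) for each leaf part the
    previewer would render automatically. Assumed policy: text parts without a
    disposition always render; 'inline' parts render only if display_inline is
    true; 'attachment' parts and undispositioned non-text parts never render."""
    rendered = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no renderable content themselves
        disp = part.get_content_disposition() or ""
        ctype = part.get_content_type()
        if disp == "attachment" or (disp == "inline" and not display_inline):
            continue
        if disp == "" and not ctype.startswith("text/"):
            continue
        rendered.append((part.get_filename() or ctype, disp))
    return rendered

def preview(display_inline: bool) -> list:
    """Parse the constructed mail and apply the policy with the given setting."""
    return parts_to_render(message_from_string(SAMPLE_MAIL), display_inline)
```

With the setting true (the default kept by the commit) the PDF is auto-rendered alongside the text body; with it false only the text body is.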
*** Bug 229013 has been marked as a duplicate of this bug. ***