[kmail2] [Bug 385649] New: KMail renders HTML-escaped <input/> elements without having HTML-view enabled

[Dennis Schridde]

https://bugs.kde.org/show_bug.cgi?id=385649

            Bug ID: 385649
           Summary: KMail renders HTML-escaped <input/> elements without
                    having HTML-view enabled
           Product: kmail2
           Version: 5.6.0
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: UI
          Assignee: kdepim-bugs at kde.org
          Reporter: dennis.schridde at uni-heidelberg.de
  Target Milestone: ---

KMail displays at the top of the email: "Note: This is an HTML message. For
security reasons, only the raw HTML code is shown."

The email has following headers:
Content-Transfer-Encoding: base64
Content-Type: text/html; charset="utf-8"

When decoding using `base64 -d`, I see that it contains `<tt style="background:
#ebebeb; font-size: 13px;"><input type="number"
value="1"/></tt>`

I did not "click here" to render HTML in KMail.  All HTML parts of the email
are replaced using their MarkDown (?) equivalent (which is as it should be),
except for the HTML-escaped <input/> element, which is actually being rendered
as an input field (which is a bug).  I.e. I can enter a number or use the
up/down buttons to change the value.  I.e. it is not being replaced by a
pure-text string.

I would expect to see the unescaped <input type="number" value="1"/> string,
instead of the rendered input field.

Version: 5.6.1 (which is not available in Bugzilla)
Package-Version: 4:17.08.1-0neon+16.04+xenial+build31

-- 
You are receiving this mail because:
You are the assignee for the bug.