[Bug 298677] New: Website opened in tab can change font in Akregator's preview panel

Christian Boltz kde-bugs at cboltz.de
Mon Apr 23 16:39:28 BST 2012 

https://bugs.kde.org/show_bug.cgi?id=298677

            Bug ID: 298677
          Severity: critical
           Version: unspecified
          Priority: NOR
          Assignee: kdepim-bugs at kde.org
           Summary: Website opened in tab can change font in Akregator's
                    preview panel
    Classification: Unclassified
                OS: Linux
          Reporter: kde-bugs at cboltz.de
          Hardware: Other
            Status: NEW
         Component: internal browser
           Product: akregator

I'm using the latest openSUSE KDE 4.8.2 packages (from KDE:Distro:Factory) and
Akregator 4.8.2.

I was quite "surprised" to see a very different font than usual in Akregator's
HTML preview area. It turned out that a page I had previously read in a tab
changed the preview area's font.

I'll attach a RSS feed as (half a) reproducer and a screenshot with shows the
normal and the changed font side by side. However you'll need the website
http://www.thedailybeast.com/articles/2012/04/12/governor-jan-brewer-signs-arizona-s-extreme-new-abortion-law.html
(linked in the reproducer RSS) to reproduce the issue - in other words: please
check this before the page is modified or deleted ;-)

The only way to reset the font is to restart Akregator.

Reproducible: Always

Steps to Reproduce:
1. add the attached file as feed to Akregator (using
file:///path/to/the/attached.rss)
2. select the article in this feed
3. in the preview area, click the "In Arizona gilt jetzt [...]" link to open it
in a new tab
4. switch to the newly opened tab
5. switch back to the article overview and check the preview area
Actual Results:  
The website opened in a tab somehow changed the font in the preview area.

Expected Results:  
A website opened in a tab should NEVER be able to modify the preview area.

I'm rating this as critical because it could be a security issue. A website
opened in a tab should never be able to modify the preview area, and I'm afraid
it could change more than just the font...

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list