[kmail2] [Bug 377247] New: kMail 2 does not properly escape header

[Gunter Ohrner]

https://bugs.kde.org/show_bug.cgi?id=377247

            Bug ID: 377247
           Summary: kMail 2 does not properly escape header
           Product: kmail2
           Version: 5.4.1
          Platform: Neon Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: UI
          Assignee: kdepim-bugs at kde.org
          Reporter: kdebugs at CustomCDROM.de
  Target Milestone: ---

kMail does not escape the "Sender" headers contents properly before
interpreting the mail text as HTML.

This issue basically is the same as Bug 361173 (Disposition-Notification-To not
correctly escaped in message viewer), just with a different header - maybe the
same problem still lingers for other headers as well?

Here follows an excerpt of a message's "view source / HTML" view:

-------------------------------------------------------------------
<div class="row">
 <div class="headerleft">Sender:</div>
 <div class="headerright">Gunter Ohrner
<senderaddress at example.com></senderaddress at example.com></div>
</div>
-------------------------------------------------------------------

The original "Sender" header contained "Gunter Ohrner
<senderaddress at example.com>" and the brackets should have been escaped instead
of being interpreted as HTML tags...

Also, for other headers which may contain mail addresses, those addresses are
converted to links by kMail, which would also be a good idea for "Sender"
header. (I think this is not done for the "Disposition-Notification-To" after
the fix, for whatever reason?)

-- 
You are receiving this mail because:
You are the assignee for the bug.