[kmail2] [Bug 429393] HTML email "leaks" styles into headers

Jonathan Marten bugzilla_noreply at kde.org
Sat Nov 21 13:20:41 GMT 2020


https://bugs.kde.org/show_bug.cgi?id=429393

Jonathan Marten <jjm at keelhaul.me.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjm at keelhaul.me.uk

--- Comment #3 from Jonathan Marten <jjm at keelhaul.me.uk> ---
See also bug 317177 for fancy headers.

This is obviously a general problem where any conflicting CSS included in an
HTML message body could leak out into the header display.  It may even be
possible for a malicious message to hide or change header information, thus
becoming a security risk.  This cannot be worked around by filtering styles
used by the header out of the message CSS, because KMail cannot know what style
elements the header may use - it may have been written by the user or
downloaded.

Would it be possible to "sandbox" the message HTML isolated from the header -
maybe within an iframe or similar element?

-- 
You are receiving this mail because:
You are the assignee for the bug.
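
The isolation asked about in the comment above, as an added example that is not part of the original message and is not KMail's code: the untrusted body is placed in a sandboxed iframe through `srcdoc`, so it becomes a separate document whose styles cannot match the header markup. The function names, the header table markup and the sample message are assumptions made for illustration.

```javascript
// Added example (hypothetical viewer code, not KMail's).

// Escape text for use as HTML element content.
function escapeText(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Escape text for use inside a double-quoted HTML attribute value.
// Without this, a body containing a double quote could end the srcdoc
// attribute early and inject markup into the outer (header) document.
function escapeAttr(text) {
  return escapeText(text).replace(/"/g, "&quot;");
}

// headers: object of header name -> value; bodyHtml: untrusted message HTML.
function renderMessage(headers, bodyHtml) {
  const rows = Object.entries(headers)
    .map(([name, value]) =>
      `<tr><th>${escapeText(name)}</th><td>${escapeText(value)}</td></tr>`)
    .join("");
  // An empty sandbox attribute applies every restriction (no scripts,
  // no forms, unique origin). srcdoc makes the body its own document,
  // and style rules only apply within the document that declares them.
  return `<table class="header">${rows}</table>` +
    `<iframe sandbox="" srcdoc="${escapeAttr(bodyHtml)}"></iframe>`;
}

// Constructed sample input: a stylesheet aimed at the header markup,
// preceded by an attempt to break out of the srcdoc attribute.
const SAMPLE_HEADERS = { From: "Sender <sender@example.org>", Subject: "Test" };
const SAMPLE_BODY =
  '"></iframe><style>.header td { display: none }</style><p>Hello</p>';

const page = renderMessage(SAMPLE_HEADERS, SAMPLE_BODY);
console.log(page);
```
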

