[kmail2] [Bug 429393] HTML email "leaks" styles into headers

Laurent Montel bugzilla_noreply at kde.org
Mon Nov 23 05:52:49 GMT 2020


https://bugs.kde.org/show_bug.cgi?id=429393

--- Comment #7 from Laurent Montel <montel at kde.org> ---
(In reply to Jonathan Marten from comment #3)
> See also bug 317177 for fancy headers.
> 
> This is obviously a general problem where any conflicting CSS included in a
> HTML message body could leak out into the header display.  It may even be
> possible for a malicious message to hide or change header information, thus
> becoming a security risk.  This cannot be worked around by filtering styles
> used by the header out of the message CSS, because KMail cannot know what
> style elements the header may use - it may have been written by the user or
> downloaded.
> 
> Would it be possible to "sandbox" the message HTML isolated from the header
> - maybe within an iframe or similar element?

Hi
An iframe can be a good idea, but we can't know what the exact message height is, so
we can have two scrollbars; it's not good at the moment.
But isolating the message must be a good idea.
I need to continue to investigate it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
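
The isolation discussed in this comment, sketched as an added example (not KMail's code and not written by anyone in the thread): the message body goes into a sandboxed `srcdoc` iframe so that its CSS cannot reach the header markup. All function names are hypothetical, the header HTML is assumed to be generated by the mail client itself, and `allow-same-origin` without `allow-scripts` is an assumed choice that lets the embedding page measure the body height.

```javascript
// Added example. Names are hypothetical; sample data is constructed.

// Escape a string for use inside a double-quoted HTML attribute value.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Leaky layout: header and body share one document, so any <style>
// element in the body also applies to the header markup.
function renderLeaky(headerHtml, bodyHtml) {
  return `<div class="header">${headerHtml}</div>\n` +
         `<div class="body">${bodyHtml}</div>`;
}

// Isolated layout: the body is a separate document inside an iframe.
// Style rules in that document cannot match elements of the parent.
// The sandbox token list deliberately omits allow-scripts, so the
// body cannot run script; allow-same-origin (assumption) only lets
// the parent read the frame's layout. Never grant both together.
function renderIsolated(headerHtml, bodyHtml) {
  return `<div class="header">${headerHtml}</div>\n` +
         `<iframe id="msg-body" sandbox="allow-same-origin" ` +
         `srcdoc="${escapeAttr(bodyHtml)}"></iframe>`;
}

// Browser-only helper for the two-scrollbar concern: grow the frame
// to its content height so only the outer view scrolls.
function fitFrameHeight(frame) {
  const root = frame.contentDocument.documentElement;
  frame.style.height = root.scrollHeight + "px";
}

// Constructed sample: a body whose CSS targets a header class.
const header = '<span class="from">From: alice@example.org</span>';
const body = '<style>.from { display: none }</style><p>Hello</p>';

// Constructed sample: a body that tries to close the attribute and
// the iframe so that its <style> lands in the parent document.
const breakout = '"></iframe><style>.from{display:none}</style>';
```

Content that loads late, such as remote images, changes the body height after the first measurement, so `fitFrameHeight` would have to run again once loading finishes.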

