[kdepim] [Bug 371656] HTML mail styles spill into message header: security risk
Erik Quaeghebeur
bugzilla_noreply at kde.org
Sun Jan 2 23:19:36 GMT 2022
https://bugs.kde.org/show_bug.cgi?id=371656
--- Comment #13 from Erik Quaeghebeur <bugs.kde.org at e3q.eu> ---
1. I have looked at two webmail clients (Fastmail and Web Outlook) to see how
they deal with this issue. They essentially seem to include a div with the HTML
email that includes the style element for that email. While this is against the
html spec (style may only be introduced in the head element), it seems to work
decently.
2. After reading up on the current state of HTML, a possibly spec-compliant fix
might be achieved using ‘Web Components’
<https://developer.mozilla.org/en-US/docs/Web/Web_Components>, using templates
and/or slots. It seems designed mostly with dynamic pages in mind, bit may be
usable even for kmail's relatively simple purpose. How exactly this could be
done is not clear to me yet, TBH.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list