[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 Erik Quaeghebeur changed: What|Removed |Added Status|REPORTED|RESOLVED CC||bugs.kde@e3q.eu Resolution|--- |DUPLICATE --- Comment #8 from Erik Quaeghebeur --- *** This bug has been marked as a duplicate of bug 371656 *** -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 --- Comment #7 from Laurent Montel --- (In reply to Jonathan Marten from comment #3) > See also bug 317177 for fancy headers. > > This is obviously a general problem where any conflicting CSS included in a > HTML message body could leak out into the header display. It may even be > possible for a malicious message to hide or change header information, thus > becoming a security risk. This cannot be worked around by filtering styles > used by the header out of the message CSS, because KMail cannot know what > style elements the header may use - it may have been written by the user or > downloaded. > > Would it be possible to "sandbox" the message HTML isolated from the header > - maybe within an iframe or similar element? Hi iframe can be a good idea but we can't know what is the exact message height so we can have two scrollbar it's not good at the moment. But isolate message must be a good idea. I need to continue to investigate it. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 --- Comment #6 from Laurent Montel --- I received it. Thanks -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 --- Comment #5 from Thomas Tanghus --- (In reply to Laurent Montel from comment #4) > could you send me it your email in private ? > Thanks I have tried to send it to you, but I'm not sure it actually got sent as KMail didn't give any notifications. Let me know if it hasn't arrived. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 Laurent Montel changed: What|Removed |Added CC||mon...@kde.org --- Comment #4 from Laurent Montel --- could you send me it your email in private ? Thanks -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 Jonathan Marten changed: What|Removed |Added CC||j...@keelhaul.me.uk --- Comment #3 from Jonathan Marten --- See also bug 317177 for fancy headers. This is obviously a general problem where any conflicting CSS included in a HTML message body could leak out into the header display. It may even be possible for a malicious message to hide or change header information, thus becoming a security risk. This cannot be worked around by filtering styles used by the header out of the message CSS, because KMail cannot know what style elements the header may use - it may have been written by the user or downloaded. Would it be possible to "sandbox" the message HTML isolated from the header - maybe within an iframe or similar element? -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 --- Comment #2 from Thomas Tanghus --- Created attachment 133498 --> https://bugs.kde.org/attachment.cgi?id=133498=edit HTML -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 429393] HTML email "leaks" styles into headers
https://bugs.kde.org/show_bug.cgi?id=429393 --- Comment #1 from Thomas Tanghus --- Created attachment 133497 --> https://bugs.kde.org/attachment.cgi?id=133497=edit Plain -- You are receiving this mail because: You are the assignee for the bug.