https://bugs.kde.org/show_bug.cgi?id=429393
Jonathan Marten <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Jonathan Marten <[email protected]> --- See also bug 317177 for fancy headers. This is obviously a general problem where any conflicting CSS included in a HTML message body could leak out into the header display. It may even be possible for a malicious message to hide or change header information, thus becoming a security risk. This cannot be worked around by filtering styles used by the header out of the message CSS, because KMail cannot know what style elements the header may use - it may have been written by the user or downloaded. Would it be possible to "sandbox" the message HTML isolated from the header - maybe within an iframe or similar element? -- You are receiving this mail because: You are the assignee for the bug.
