https://bugs.kde.org/show_bug.cgi?id=429393
Jonathan Marten <j...@keelhaul.me.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |j...@keelhaul.me.uk
--- Comment #3 from Jonathan Marten <j...@keelhaul.me.uk> ---
See also bug 317177 for fancy headers.
This is obviously a general problem where any conflicting CSS included in a
HTML message body could leak out into the header display. It may even be
possible for a malicious message to hide or change header information, thus
becoming a security risk. This cannot be worked around by filtering styles
used by the header out of the message CSS, because KMail cannot know what style
elements the header may use - it may have been written by the user or
downloaded.
Would it be possible to "sandbox" the message HTML isolated from the header -
maybe within an iframe or similar element?
--
You are receiving this mail because:
You are watching all bug changes.
