https://bugs.kde.org/show_bug.cgi?id=429393
--- Comment #7 from Laurent Montel <mon...@kde.org> --- (In reply to Jonathan Marten from comment #3) > See also bug 317177 for fancy headers. > > This is obviously a general problem where any conflicting CSS included in a > HTML message body could leak out into the header display. It may even be > possible for a malicious message to hide or change header information, thus > becoming a security risk. This cannot be worked around by filtering styles > used by the header out of the message CSS, because KMail cannot know what > style elements the header may use - it may have been written by the user or > downloaded. > > Would it be possible to "sandbox" the message HTML isolated from the header > - maybe within an iframe or similar element? Hi iframe can be a good idea but we can't know what is the exact message height so we can have two scrollbar it's not good at the moment. But isolate message must be a good idea. I need to continue to investigate it. -- You are receiving this mail because: You are watching all bug changes.
