Closed Bug 174564 Opened 22 years ago Closed 22 years ago

When replying to a text message that contains HTML/JS/CSS code this code is executed instead of being quoted ! (security risk ?)

Categories

(MailNews Core :: Composition, defect)

Product:
MailNews Core
Component:
Composition
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 173953

People

(Reporter: pascalc, Assigned: bugzilla)

Details

Build 2002101412 WinXP, tested with a new profile.

1 Send to yourself a  text email that contains code such as

hello,
<h1>this is a test</h1>

2 download this email and reply to it

expected result:

----
>hello,
><h1>this is a test</h1>
here is my reply
----

actual result:
-----
>hello,
>THIS IS A TEST
here is my reply
-----

the "This is a test" part is displayed as HTML

Note that I do not compose in HTML format and that I have Mozilla display
messages as text only.
This should be fixed in the next day or so...

*** This bug has been marked as a duplicate of 173953 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.