I just received a mail with this subject: =?UTF-8?B?Q29uc2lndWUgdG9kbyBlbCBmw7p0Ym9sIGNvbiBGVVNJw5NOIGNvbiBlc3RlIG9mZX J0w7Nu?= TB doesn't decode that at all. Removing the space I get: Consigue todo el fútbol con FUSIÓN con este ofertón Using my PHP decoder at http://www.jorgk.com/decode/decode.php I also get that result even with the space included. Looks like JS Mime could be a little more tolerant. Alfred?
(In reply to Jorg K (GMT+2) from comment #0) > I just received a mail with this subject: > =?UTF-8?B?Q29uc2lndWUgdG9kbyBlbCBmw7p0Ym9sIGNvbiBGVVNJw5NOIGNvbiBlc3RlIG9mZX > J0w7Nu?= > > TB doesn't decode that at all. Removing the space I get: > Consigue todo el fútbol con FUSIÓN con este ofertón A space or a 'folding white space'? Dupe of Bug 1439542? > Using my PHP decoder at http://www.jorgk.com/decode/decode.php I also get > that result even with the space included. Looks like JS Mime could be a > little more tolerant. Alfred? If you be able to implement this somewhat fail-safe, I agree. But I'm afraid you'll open the "Pandora's Box" with it. See also Bug 1439542 comment #4 I do not want to be a spoilsport. But how far do you want to go? Only remove one space? Also FWS? Several? What about a subject like "A MIME word starts with =?UTF-8?B? and ends with ?="? }:-) (see also Bug 756862 - But that's a completely different story.)
As printed in comment #0, a space in the base64, not a folding space. FWS (Folding White-Space, well, we could, and yes, several as well. But I see that |A MIME word starts with =?UTF-8?B? and ends with ?=| would cause a problem. OK, here we go for the next error. Type this as the subject of a message: A MIME word starts with =?UTF-8?B?andendswith?= You get this as a subject: =?UTF-8?Q?A_MIME_word_starts_with_jw=5e=ef=bf=bd=ef=bf=bd0?= :-(
Another thought: Could a SPAMer use a SPACE to hide his Subject from a Junk filter?
This allows decoding of MIME words with SPACES inside in the thread pane and in the header pane. Unfortunately, I also see two side effects: - Folded MIME words are viewed decoded in thread pane, but not in header pane. I guess that's because we store them already unfolded in our database. And so they are used in the thread pane. - We will also decode pain text headers like: Subject: MIME words begin with =?UTF-8?B? and end with ?= => MIME words begin with jw^��" Both cases are unpleasant but relatively unlikely.
Can you please include a test, or should I?
(In reply to Jorg K (GMT+1) from comment #5) > Can you please include a test, or should I? this one already fails with the patch: https://searchfox.org/comm-central/source/mailnews/mime/jsmime/test/test_header.js#629 |627# // Some interesting headers found in the wild: |628# // Invalid base64 text. We decide not to decode this word. It belongs to Bug 959309. But I can't find that 'decision process' there. Since this test produces only nonsense, I will replace it.
The same patch. Just with a test.
Comment on attachment 9034573 [details] [diff] [review] Allow SPACES inside of MIME words Yes, I would have imagined test failures on the existing code base. I'm surprised that you just had to make the test more lenient and then the decoding already worked out of the box. Strange coincidence, just today I received: =?UTF-8?B?RGlzZnJ1dGEgZGUgbG9zIG1lam9yZXMgcGxhbmVzIGVuIHR1IGNpdWRhZCBhbCBtZW 5vciBwcmVjaW8=?= I'll won't know which good SPAM offer I missed here :-( [Triage Comment] [Triage Comment]
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/comm-central/rev/0498136de604 Be more tolerant of spaces in base64-encoded RFC 2047 tokens. r=jorgk
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → FIXED
(Like always) I've taken the liberty to tweak the commit message and a comment ;-) Thanks Alfred! Oh, another test suite to check is mach xpcshell-test comm/mailnews/mime/test/unit/ on top of mach xpcshell-test comm/mailnews/mime/jsmime/test
Target Milestone: --- → Thunderbird 66.0
You need to log in before you can comment on or make changes to this bug.