When replying to a text message that contains HTML/JS/CSS code this code is executed instead of being quoted ! (security risk ?)

VERIFIED DUPLICATE of bug 173953

Status

MailNews Core
Composition
--
major
VERIFIED DUPLICATE of bug 173953
15 years ago
10 years ago

People

(Reporter: pascalc, Assigned: Jean-Francois Ducarroz)

Tracking

Trunk
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
Build 2002101412 WinXP, tested with a new profile.

1 Send to yourself a  text email that contains code such as

hello,
<h1>this is a test</h1>

2 download this email and reply to it

expected result:

----
>hello,
><h1>this is a test</h1>
here is my reply
----

actual result:
-----
>hello,
>THIS IS A TEST
here is my reply
-----

the "This is a test" part is displayed as HTML

Note that I do not compose in HTML format and that I have Mozilla display
messages as text only.
This should be fixed in the next day or so...

*** This bug has been marked as a duplicate of 173953 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Comment 2

15 years ago
v
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.