Closed Bug 303523 Opened 19 years ago Closed 19 years ago

"Do not load remote images ..." blocks enigmail

Categories

(SeaMonkey :: MailNews: Message Display, defect)

Product:
SeaMonkey
Component:
MailNews: Message Display
Version:
1.7 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: patrick.mairif, Unassigned)

References

Details

(Keywords: fixed1.7.13, regression)

Attachments

(1 file)

Indicate location for this issue/possible fix
763 bytes, patch
Bienvenu
: review+
darin.moz
: superreview+
dveditz
: approval1.7.13+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de_DE; rv:1.7.10) Gecko/20050726
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de_DE; rv:1.7.10) Gecko/20050726

The option "Do not load remote images ..." activated in mozilla 1.7.10 and 1.7.11 
blocks invokations of messenger.loadURL(..., "enigmail:xxx"). That causes
enigmail not decrypting/verifying PGP/MIME messages.

I posted this on the enigmail bugtracker first. see
http://bugzilla.mozdev.org/show_bug.cgi?id=11142 for details.

Reproducible: Sometimes

Steps to Reproduce:
1. set "Do not load remote images in Mail & Newsgroup messages"
2. restart mozilla
3. open PGP/MIME encrpyted or signed or encrypted/signed message and let
enigmail verify/decrypt it.

Actual Results:  
The encrypted Message is shown as attachment ("Part 1.1" and "encrpted.asc").
Signed messages are not verified.

Expected Results:  
Message signatures should be verified. Encrypted messages should decrypted inline.
Thanks to Norbert Warmuth for this patch.
It is to indicate the location for this issue (and a possible fix without
deactivating the ""Do not load remote images ..." option completely).
Somehow i don't like this fix (since it special-cases a extension in Mozilla
code), maybe someone can come up with a better fix...
David: Another fallout from Bug 294307?
Keywords: regression
Version: unspecified → 1.7 Branch

*** This bug has been marked as a duplicate of 300689 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Oops!  Sorry.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
yes, fallout, and the patch would fix it, but I really don't like hard-coding
enigmail in there either. Why is enigmail trying to run its own urls? Boris, any
ideas for allowing extensions to do this kind of thing in a general way? 
Not offhand, no. Darin, biesi, thoughts?  Note that in tbird this is not a
problem since tbird uses a protocol _blacklist_, effectively, but for suite on
the 1.7 branch a blacklist is not really acceptable.
I suppose you could invent a protocol handler flag...
Sorry, I don't know what to suggest.  I'd probably reluctantly add enigmail to
the list on the 1.7 branch since at least it solves the very real problem of a
busted enigmail in a very safe and minimal way.
The basic problem is that we somehow want to limit loading to the protocols we
know are "safe" in mailnews (that is, only the internal ones used by mailnews
itself)...  This could be a probmlem in tbird as well, if an extension that
implements a protocol handler is installed, btw -- the remote images check would
allow that protocol handler through, I suspect.
yeah, since it's for the 1.7.x branch, I guess I'm ok with that. But there will
need to be a fix for the seamonkey trunk when a fix for bug 294307 lands on the
trunk.
Status: UNCONFIRMED → NEW
Depends on: 294307
Ever confirmed: true
(In reply to comment #6)
> Why is enigmail trying to run its own urls?  

Enigmail uses this mechanism to load and display inline-PGP messages (i.e.
Content-Type "text/plain" or "multipart/mixed"). These messages would otherwise
be _very_ tricky to display nicely in decrypted form, since text/plain and
multipart/mixed are not content-types to be handled by Enigmail.

Given the many difficulties of inline-PGP all over the code, I suppose this was
considered an elegant way to display an inline-PGP message nicely (but that was
before I joined the team).

Comment on attachment 191677 [details] [diff] [review]
Indicate location for this issue/possible fix

So lets do it like this for 1.7 branch only? I do not like this, but i also see
no other easy solution for our code or the Enigmail code.
Attachment #191677 - Flags: review?(bienvenu)
Attachment #191677 - Flags: review?(bienvenu) → review+
Attachment #191677 - Flags: superreview?(darin)
Comment on attachment 191677 [details] [diff] [review]
Indicate location for this issue/possible fix

sr=darin (reluctantly)
Attachment #191677 - Flags: superreview?(darin) → superreview+
Attachment #191677 - Flags: approval1.7.12?
This isn't just a seamonkey problem, is it?  Thunderbird has the same issue any
time a protocol handler is installed and the relevant
network.protocol-handler.expose.* pref is not set.  If the pref _is_ set, then
links using that scheme can conceivably be used to retrieve remote content from
emails...  So there's no really safe way to add new protocols to mail that I can
see...
Comment on attachment 191677 [details] [diff] [review]
Indicate location for this issue/possible fix

a=dveditz for drivers, please add fixed1.7.13 keywords when checked in.
Attachment #191677 - Flags: approval1.7.13? → approval1.7.13+
fixed on moz 1.7 branch
Keywords: fixed1.7.13
Patrick: Since I don't have a mail profile set up in the Mozilla Suite with Enigmail on Linux, can you verify this fix in the Linux build dated 20060302-12?
Marcia, I'm not sure which Patrick you meant :-) Anyway, I tested the Linux build you mentioned, and it's working fine.
Status: NEW → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: