Closed Bug 370552 Opened 17 years ago Closed 12 years ago

Remote images are displayed in Composer when forwarding messages even with Simple (Sanitized) HTML enabled

Categories

(SeaMonkey :: MailNews: Composition, defect)

Product:
SeaMonkey
Component:
MailNews: Composition
Version:
SeaMonkey 1.1 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: glen, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20070111 SeaMonkey/1.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20070111 SeaMonkey/1.1

When forwarding an email which has remotely hosted embedded images, the images are displayed regardless of the "Message Body As" setting.


Reproducible: Always

Steps to Reproduce:
1. Set "Message Body As" to "Simple HTML".
2. Open a message with remote embedded image and see the images are blocked.
3. Click "Forward" and see the images are loaded.
Actual Results:  
Images are displayed.

Expected Results:  
Images are blocked.
This is because the Simple HTML setting is a view setting, when reading mail (View | Message Body As | Simple HTML). The forwarded message still contains all the HTML, and the Composer apparently simply shows them, it does not implement the saniziter like the messager viewer does.

So, this is a missing feature.
Options:
- Make Composer use Sanitizer (possibly optional, probably based on same pref/UI)
- Sanitize the forwarded HTML when composing the forward. This would happen before the Composer is hit, and would also change the message that is sent. This may need to be optional, too.
I think the latter is desirable.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Remote images are displayed when forwarding messages even with Simple HTML enabled → Remote images are displayed in Composer when forwarding messages even with Simple HTML enabled
Can you reproduce with SeaMonkey v1.1.9 ?
Can you reproduce with SeaMonkey v2.0a1pre ?
Assignee: composer → nobody
QA Contact: composer
Version: unspecified → SeaMonkey 1.1 Branch
We could use that even with all messages, to protect the recipient from malicious JavaScript from the original sender.
Summary: Remote images are displayed in Composer when forwarding messages even with Simple HTML enabled → Remote images are displayed in Composer when forwarding messages even with Simple (Sanitized) HTML enabled
Can't reproduce on trunk, feel free to reopen if you still see this. Also, moving to right component.
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/16.0 Firefox/16.0 SeaMonkey/2.13a1
Build identifier: 20120712003002
Status: NEW → RESOLVED
Closed: 12 years ago
Component: Composer → MailNews: Composition
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.