When forwarding inline the message that I'll attach soon, the text <iframe> get converted to a real HTML frame!
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
*** Bug 91718 has been marked as a duplicate of this bug. ***
If I receive a plain text email like "My email is <firstname.lastname@example.org>." Mozilla will render that email address as a "mailto:" hyperlink. If I then forward the plain text email inline, the text will read "My email is ." (The email address is converted to a space.) Should I consider my problem a dup of this bug or enter a new bug?
I just came across this bug myself (and the dupe 91718). This bug is way more general than the summary indicates. We interpret and render all html code within a plain text message when we choose to forward. Thankfully we won't interpret JS (or at least i couldn't get it to do so), but everything else worked. For instance: 1. Copy the following into a mail message and send it to yourself even as plain text: <html> <body> <table> <tr> <td> <img src="http://people.netscape.com/claudius/images/buggin.gif"> </td> <td> Why am I actually rendered inside a table? </td> </tr> </table> </body> </html> 2. If you sent it plain text switch the pref back to compose as html. 3. Click forward message on the message you just sent yourself. 4. The table and image and text in the table is nicely rendered! I couldn't think of any sort of exploit right away but it seems like we're inviting trouble and shouldn't be interpreting plain text as html in this instance - just like we don't when you hit 'Reply-to' instead of forward.
OS: Windows NT → All
Hardware: PC → All
Adding Mitch: Any security concern here?
*** This bug has been marked as a duplicate of 146584 ***
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
verified as dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.