Closed Bug 91174 Opened 24 years ago Closed 23 years ago

Forwarding inline a mail that contains the text <iframe> generate a real frame!

Categories

(MailNews Core :: Composition, defect)

Product:
MailNews Core
Component:
Composition
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 146584
Milestone:
mozilla1.2alpha

People

(Reporter: bugzilla, Assigned: bugzilla)

References

Details

Attachments

(1 file)

message to reproduce the problem
4.73 KB, text/plain
Details
When forwarding inline the message that I'll attach soon, the text <iframe> get converted to a real HTML frame!
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
*** Bug 91718 has been marked as a duplicate of this bug. ***
Target Milestone: mozilla1.0 → mozilla1.2
If I receive a plain text email like "My email is <foo@bar.com>." Mozilla will render that email address as a "mailto:" hyperlink. If I then forward the plain text email inline, the text will read "My email is ." (The email address is converted to a space.) Should I consider my problem a dup of this bug or enter a new bug?
I just came across this bug myself (and the dupe 91718). This bug is way more general than the summary indicates. We interpret and render all html code within a plain text message when we choose to forward. Thankfully we won't interpret JS (or at least i couldn't get it to do so), but everything else worked. For instance: 1. Copy the following into a mail message and send it to yourself even as plain text: <html> <body> <table> <tr> <td> <img src="http://people.netscape.com/claudius/images/buggin.gif"> </td> <td> Why am I actually rendered inside a table? </td> </tr> </table> </body> </html> 2. If you sent it plain text switch the pref back to compose as html. 3. Click forward message on the message you just sent yourself. 4. The table and image and text in the table is nicely rendered! I couldn't think of any sort of exploit right away but it seems like we're inviting trouble and shouldn't be interpreting plain text as html in this instance - just like we don't when you hit 'Reply-to' instead of forward.
OS: Windows NT → All
Hardware: PC → All
Adding Mitch: Any security concern here?
*** This bug has been marked as a duplicate of 146584 ***
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
verified as dup
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: