Bug 52223 - Tooltip popup interprets subject as HTML
Summary: Tooltip popup interprets subject as HTML
Status: RESOLVED FIXED
Alias: None
Product: kmail
Classification: Unmaintained
Component: message list (show other bugs)
Version: 1.4.3
Platform: unspecified Linux
: NOR minor
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords: triaged
: 111038 (view as bug list)
Depends on:
Blocks:
 
Reported: 2002-12-23 14:57 UTC by elonen
Modified: 2009-08-05 21:47 UTC (History)
7 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Screenshot of the bug (6.01 KB, image/png)
2002-12-23 15:02 UTC, elonen
Details
implements the custom tooltip scheme (2.96 KB, patch)
2003-08-06 11:39 UTC, elonen
Details
tooltip with pre tag being rendered (17.17 KB, image/jpeg)
2004-04-26 08:52 UTC, CiAsA Boark
Details

Note You need to log in before you can comment on or make changes to this bug.
Description elonen 2002-12-23 14:57:50 UTC
Version:           1.4.3 (using KDE 3.0.4)
Installed from:     (testing/unstable)
Compiler:          gcc version 2.95.4 20011002 (Debian prerelease)
OS:          Linux (i686) release 2.4.19

If a message subject contains HTML code that represents an image, the tooltip that pops up above it apparently tries to render the image. If it actually loads the image, this is a security/privacy risk and if not, a visual nuisance.
Comment 1 elonen 2002-12-23 15:02:19 UTC
Created attachment 648 [details]
Screenshot of the bug

The cursor is not visible in the screenshot since ksnapshot doesn't capture it.
It should be above the hilighted title of the message.
Comment 2 luci 2003-01-13 12:47:06 UTC
i'm confirming this "funny" bug. even just "<img>" is in the subject it renders a "black box" image in the tooltip! 
Comment 3 Ingo Klöcker 2003-01-18 20:13:39 UTC
Subject: Re:  Tooltip popup renders image URLs in message subject

KMail doesn't try to download the files the URLs point to. So this isn't 
a privacy risk but just a visual nuisance.

Comment 4 luci 2003-01-21 23:25:28 UTC
anyway at least e.g. this code in the message subject causes kmail to 
completely freeze on mouse over for tooltip: 
<img name="veeeeeeeery_large_image" width="30000" height="15000" /> 
Comment 5 elonen 2003-08-06 00:53:01 UTC
This seems to be mainly a QT problem, actually. QListView has an option to 
automatically show a tool tip for text items that don't fit in their cells. 
Unlike tool tip renderer, however, the cell renderer doesn't interpret text as 
"rich text". 
 
'QStyleSheet::escape(...)' in 'text(int)' would thus fix the bug for tool tips 
but introduce a new one for the list view (e.g. '<' would be displayed as 
'&lt;'). 
 
Comment 6 Ingo Klöcker 2003-08-06 01:59:33 UTC
The following is what the Trolls had to say about this: 
===== 
Since it is not possible to just turn off the rich text handling for 
QToolTips in this listview, this leaves us with two ways to resolve 
this issue.  One being to just turn off the showToolTips() 
functionality for this listview by using: 
 
  http://doc.trolltech.com/3.1/qlistview.html#setShowToolTips 
 
The alternative is to handle the tooltips yourself, this way you can 
parse the text and then escape the <>'s so that it shows them as 
ordinary <>'s instead of trying to show it as an image.  For more 
information about QToolTip see: 
 
  http://doc.trolltech.com/3.1/qtooltip.html 
 
Other than that there is nothing much you can do I am afraid. 
===== 
 
So we can now decide whether we want to go for the easy or for the hard solution. I'll 
downgrade the bug to a wish since this isn't a bug in KMail but (IMO) a misbehavior of 
QToolTip. 
 
Comment 7 elonen 2003-08-06 11:39:04 UTC
Created attachment 2163 [details]
implements the custom tooltip scheme

This patch implements the custom tooltip scheme and seems to work fine BUT I
have slight doubts about the following chunk:

  @@ -90,13 +92,15 @@
   public:
       int mMsgId;
       QString mKey;
  +  bool mTruncated;
     // WARNING: Do not add new member variables to the class

;)
Does anyone know why the warning is there? Kmail works fine with the added
member and the class definition is in a .cpp file so it doesn't look like a
binary backwards compatibility issue.
Comment 8 elonen 2004-04-07 10:28:32 UTC
Ping. (There's an 8 months old patch fixing this issues, but nobody's apparently reviewed it yet.)
Comment 9 CiAsA Boark 2004-04-26 08:52:38 UTC
Created attachment 5788 [details]
tooltip with pre tag being rendered

This is a screenshot of the <pre> tag also being rendered in a tooltip.  Are
all html tags rendered in QToolTips?
Comment 10 Gunter Ohrner 2004-08-03 01:45:44 UTC
I just noticed this behaviour in kMail and just wondered if something like the <applet>-tag might work inside a subject? That'd be really bad but from the comments above I got the impression that only a subset of tags with visual effects are interpreted/rendered?
What about the patch proposed by elonen@iki.fi?
Comment 11 Roger Larsson 2004-08-05 18:44:36 UTC
Saw this strange behavior myself.
Retested #4 - it does not freeze anymore, but the complete screen flashes in a strange way...

Ingo, I would say that this is a bug in the kmail application (it does not
matter that the problem really is in the library used...). But it is not a
serious bug either - I set it to minor.

The easiest solution might be to filter the string before setting the tool tip?
Comment 12 Andreas Gungl 2005-09-24 20:30:19 UTC
*** Bug 111038 has been marked as a duplicate of this bug. ***
Comment 13 Thomas McGuire 2007-08-16 12:32:04 UTC
*** Bug 148872 has been marked as a duplicate of this bug. ***
Comment 14 Jaime Torres 2008-08-29 20:19:52 UTC
In kmail 1.10 (kde 4.1) 
* the <img> tag is not rendered in the tooltip
* the big <img> of comment #4 does not makes it to freeze neither to flash, and
* the <pre> tag is not rendered as such in the tooltip
Comment 15 Michael Leupold 2008-11-07 16:15:50 UTC
I can still reproduce part of this bug:
If I send myself a message containing "<img name="veeeeeeeery_large_image" width="30000" height="15000" />" in its subject and getting the tooltip, kmail starts leaking memory (I killed it at around 1.5 GiB).
Comment 16 Martin Fitzpatrick 2009-04-04 20:26:08 UTC
(KDE 4.2.2) You can reproduce this behaviour also by putting &amp; into the subject header - the tooltip shows a plain '&' rather than the text that is actually in the subject type. Is it possible to escape the subject header before rendering it into a html tooltip?
Comment 17 Martin Koller 2009-08-01 17:09:02 UTC
SVN commit 1005635 by mkoller:

BUG: 52223

escape subject text when generating the tooltip to avoid
using/executing HTML code existing in the subject text


 M  +2 -1      view.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1005635
Comment 18 Thomas McGuire 2009-08-05 21:47:30 UTC
SVN commit 1007467 by tmcguire:

Backport r1005635 by mkoller from trunk to the 4.3 branch:

CCBUG: 52223

escape subject text when generating the tooltip to avoid
using/executing HTML code existing in the subject text



 M  +2 -1      view.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1007467