Bug 320172

Summary: Hacking kmail
Product: [Applications] kmail2 Reporter: BRULE Herman <alpha_one_x86>
Component: UIAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: montel
Priority: NOR    
Version: 4.10.3   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: http://commits.kde.org/kdepim/c076a3caa45b2db162287c0f469431b37f050ebd Version Fixed In: 4.11
Sentry Crash Report:
Attachments: Screenshot of the hack
Exemple mail

Description BRULE Herman 2013-05-23 13:10:31 UTC 
Hello, the email css is applied to the kmail html header when I'm reading.
Then you can hack kmail by css display:none; to hide the part of the header (receipente), put trusted inco into the header + put the header in green...
Thanks to avoid it.

Reproducible: Always
Comment 1 Laurent Montel 2013-05-23 13:16:02 UTC 
need a testcase a screenshot to explain it more.
Thanks
Comment 2 BRULE Herman 2013-05-23 13:27:09 UTC 
Created attachment 80038 [details]
Screenshot of the hack
Comment 3 BRULE Herman 2013-05-23 13:28:05 UTC 
Created attachment 80039 [details]
Exemple mail
Comment 4 Laurent Montel 2013-05-29 07:58:57 UTC 
your testcase doesn't change color to green.
Comment 5 BRULE Herman 2013-05-29 08:08:53 UTC 
No, do later to test. But alter the header (after change to green, resize the header, ... is same, should not appen)
Comment 6 Laurent Montel 2013-06-28 11:29:27 UTC 
Git commit c076a3caa45b2db162287c0f469431b37f050ebd by Montel Laurent.
Committed on 28/06/2013 at 11:28.
Pushed by mlaurent into branch 'master'.

Fix Bug 320172 - Hacking kmail

FIXED-IN: 4.11

M  +4    -1    messageviewer/tests/data/encapsulated-with-attachment.mbox.html
M  +4    -1    messageviewer/tests/data/forward-openpgp-signed-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/html.mbox.html
M  +4    -1    messageviewer/tests/data/htmlonly.mbox.html
M  +4    -1    messageviewer/tests/data/inlinepgpencrypted-appendix.mbox.html
M  +4    -1    messageviewer/tests/data/inlinepgpencrypted.mbox.html
M  +4    -1    messageviewer/tests/data/no-content-type.mbox.html
M  +4    -1    messageviewer/tests/data/openpgp-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/openpgp-signed-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/openpgp-signed-mailinglist.mbox.html
M  +4    -1    messageviewer/tests/data/signed-forward-openpgp-signed-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/smime-encrypted-octet-stream.mbox.html
M  +4    -1    messageviewer/tests/data/smime-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/smime-signed-encrypted.mbox.html
M  +4    -1    messageviewer/tests/data/text+html-maillinglist.mbox.html
M  +4    -1    messageviewer/tests/data/tnef-one-file.mbox.html
M  +4    -1    messageviewer/tests/data/tnef-two-files.mbox.html
M  +4    -1    messageviewer/viewer/csshelperbase.cpp

http://commits.kde.org/kdepim/c076a3caa45b2db162287c0f469431b37f050ebd