Bug 332225

Summary: KMail follows META REFRESH in HTML mail without asking, creating potential security problems
Product: [Applications] kmail2 Reporter: Mike Schneider <mike2.schneider>
Component: generalAssignee: kdepim bugs <pim-bugs-null>
Status: RESOLVED NOT A BUG    
Severity: normal    
Priority: NOR    
Version First Reported In: 4.11.5   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
URL: https://emailprivacytester.com
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Mike Schneider 2014-03-16 19:33:52 UTC 
KMail asks for confirmation before displaying HTML formatted mail. It also asks for confirmation before loading external resources, but it does not aks before folowing a META REFRESH embedde din the HMTL mail, thereby creating a potential security problem as following a meta-refresh leads as much information as loading an external resource.

Suggestewd behaviour: when displaying HTML formatted mails, KMail should ask before following meta-refresh in the same was it asks before loading external images.

For demonstration of the issue, see https://emailprivacytester.com

Reproducible: Always