Bug 495090

Summary: External References Are Loaded In Spite Of Not Checking That Option
Product: [Applications] kmail2 Reporter: Garry Williams <gtwilliams>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: REOPENED ---    
Severity: major CC: gaaf, ts+kde
Priority: NOR Keywords: regression
Version: 6.2.2   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Garry Williams 2024-10-20 13:52:13 UTC 
SUMMARY
When HTML is displayed in a preview window, external references (images) are automatically loaded, too.  I have always unchecked both HTML and load external.

This is a regression.

STEPS TO REPRODUCE
1.  Uncheck "Allow messages to load external references from the Internet
2.  Click "HTML Message" on left-hand side.
3. 

OBSERVED RESULT
All external references are immediately loaded

EXPECTED RESULT
No references should ever be loaded unless explicitly asked for.

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 40
KDE Plasma Version: 6.2.1
KDE Frameworks Version: 6.7.0
Qt Version: 6.7.2
Kernel Version: 6.11.3-200.fc40.x86_64 (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-8550U CPU @ 1.80GHz
Memory: 15.1 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics 620
Manufacturer: Dell Inc.
Product Name: XPS 13 9370

ADDITIONAL INFORMATION
Comment 1 Alex Hermann 2024-10-21 10:50:08 UTC 
I can confirm the bug.

To add to the confusion, at the top of the email, the following message is still displayed:

"Note: This HTML message may contain external references to images etc. For security/privacy reasons external references are not loaded. If you trust the sender of this message then you can load the external references for this message by clicking here."

This bug/regression is a major security and/or privacy risk.

KMail Version 6.2.2 (24.08.2)
KDE Frameworks Version 6.6.0
Qt Version 6.7.2 (built against 6.7.2)
(all from Debian packages)
Comment 2 Garry Williams 2024-10-24 00:53:58 UTC 
I don't know what fixed it, but it's fixed.
Comment 3 Alex Hermann 2024-10-24 12:19:50 UTC 
Yeah, weird. Without updating packages, after restarting kmail and akonadi the bug doesn't show (atm).
Comment 4 Alex Hermann 2024-11-01 15:09:20 UTC 
I just experienced this bug again.

1) HTML message shown as raw html

2) Click:
> Note: This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here.

3) HTML is shown formatted and external images are loaded
Also, the following message is shown, even though the external references are already loaded and displayed:
> Note: This HTML message may contain external references to images etc. For security/privacy reasons external references are not loaded. If you trust the sender of this message then you can load the external references for this message by clicking here.
Comment 5 Tim Schlotfeldt 2024-12-09 07:29:17 UTC 
Same here.

I've just consciously noticed this behavior for the first time.


SOFTWARE/OS VERSIONS
Operating System: Arch Linux (x86_64)
Qt Version: 6.8.1
KDE Frameworks Version: 6.8.0
KMail Verision: 6.2.3 (24.08.3)
Graphics Platform: Wayland