Bug 298677 - Website opened in tab can change font in Akregator's preview panel
Summary: Website opened in tab can change font in Akregator's preview panel
Status: RESOLVED FIXED
Alias: None
Product: akregator
Classification: Applications
Component: internal browser (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR critical
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-23 15:39 UTC by Christian Boltz
Modified: 2016-09-24 20:43 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
RSS feed to reproduce the issue (888 bytes, application/xml)
2012-04-23 15:40 UTC, Christian Boltz
Details
screenshot with correct (left) and modified (right) font (62.97 KB, image/png)
2012-04-23 15:40 UTC, Christian Boltz
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Boltz 2012-04-23 15:39:28 UTC
I'm using the latest openSUSE KDE 4.8.2 packages (from KDE:Distro:Factory) and Akregator 4.8.2.

I was quite "surprised" to see a very different font than usual in Akregator's HTML preview area. It turned out that a page I had previously read in a tab changed the preview area's font.

I'll attach a RSS feed as (half a) reproducer and a screenshot with shows the normal and the changed font side by side. However you'll need the website http://www.thedailybeast.com/articles/2012/04/12/governor-jan-brewer-signs-arizona-s-extreme-new-abortion-law.html (linked in the reproducer RSS) to reproduce the issue - in other words: please check this before the page is modified or deleted ;-)

The only way to reset the font is to restart Akregator.

Reproducible: Always

Steps to Reproduce:
1. add the attached file as feed to Akregator (using file:///path/to/the/attached.rss)
2. select the article in this feed
3. in the preview area, click the "In Arizona gilt jetzt [...]" link to open it in a new tab
4. switch to the newly opened tab
5. switch back to the article overview and check the preview area
Actual Results:  
The website opened in a tab somehow changed the font in the preview area.

Expected Results:  
A website opened in a tab should NEVER be able to modify the preview area.

I'm rating this as critical because it could be a security issue. A website opened in a tab should never be able to modify the preview area, and I'm afraid it could change more than just the font...
Comment 1 Christian Boltz 2012-04-23 15:40:22 UTC
Created attachment 70604 [details]
RSS feed to reproduce the issue
Comment 2 Christian Boltz 2012-04-23 15:40:53 UTC
Created attachment 70605 [details]
screenshot with correct (left) and modified (right) font
Comment 3 Denis Kurz 2016-09-24 19:45:04 UTC
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of akregator (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.
Comment 4 Christian Boltz 2016-09-24 20:43:52 UTC
I can no longer reproduce this bug (Akregator 5.3.0, Frameworks 5.25.0), therefore I'm closing it as accidently ;-) fixed.