kMail does not escape the "Sender" headers contents properly before interpreting the mail text as HTML. This issue basically is the same as Bug 361173 (Disposition-Notification-To not correctly escaped in message viewer), just with a different header - maybe the same problem still lingers for other headers as well? Here follows an excerpt of a message's "view source / HTML" view: ------------------------------------------------------------------- <div class="row"> <div class="headerleft">Sender:</div> <div class="headerright">Gunter Ohrner <senderaddress@example.com></senderaddress@example.com></div> </div> ------------------------------------------------------------------- The original "Sender" header contained "Gunter Ohrner <senderaddress@example.com>" and the brackets should have been escaped instead of being interpreted as HTML tags... Also, for other headers which may contain mail addresses, those addresses are converted to links by kMail, which would also be a good idea for "Sender" header. (I think this is not done for the "Disposition-Notification-To" after the fix, for whatever reason?)
Additional info: I'm currently using the "kMail 5.2" header style, as my kMail 5.4.1 does not offer any other at the moment...
Hi, is it possible to provide test case ? Thanks regards
Created attachment 104399 [details] Example Message A tiny example message is attached. HTML control character can possibly be contained in most header fields, I guess, so those probably should be escaped by default in general and independent of the currently selected header style. In addition, detected mail addresses probably should always be crosslinked. (Which, for example, does not seem to be the case for the Disposition-Notification-To header field.)
Git commit 3b0126cd9d716091f53b26cd0f03e9ced624126b by Montel Laurent. Committed on 06/03/2017 at 12:30. Pushed by mlaurent into branch 'Applications/16.12'. Fix Bug 377247 - kMail 2 does not properly escape header FIXED-IN: 5.4.3 M +1 -1 messageviewer/src/header/grantleeheaderformatter.cpp https://commits.kde.org/messagelib/3b0126cd9d716091f53b26cd0f03e9ced624126b