[Tickets #1472] NEW: Replying to mail in HTML form leaves horde
related html in reply
bugs at bugs.horde.org
bugs at bugs.horde.org
Thu Mar 3 02:15:20 PST 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=1472
-----------------------------------------------------------------------
Ticket | 1472
Created By | glen at delfi.ee
Summary | Replying to mail in HTML form leaves horde related html in reply
Queue | IMP
Version | 4.0.2
State | Unconfirmed
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
glen at delfi.ee (2005-03-03 02:15) wrote:
The replied body contains html links rewritten to horde:
<a onmouseover="window.status='Compose Message
(user at domain.tld)'; return true;" onmouseout="window.status='';"
href="javascript:open_compose_win('to=user at domain.tld&thismailbox=INBOX.some
.mailbox');">user at domain.tld</a>
<a
href="/horde/services/go.php?url=http%3A%2F%2Fwww.delfi.ee%2F"
target="_blank">http://www.delfi.ee/</a><br />><br />><br />
This HTML is left to the final sent email, and it's rather invalid for users
not using horde to read their mail :)
And it's also somewhat security risk, as it "leaks" some information of IMAP
folder structure :
INBOX.some.mailbox
Reproduced using MSIE/6.0
More information about the bugs
mailing list