[Tickets #3900] NEW: Reply To is not escaped properly
bugs@bugs.horde.org
Mon May 8 10:51:02 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3900
-----------------------------------------------------------------------
Ticket | 3900
Created By | phyre at rogers.com
Summary | Reply To is not escaped properly
Queue | IMP
Version | 4.1.1
State | Unconfirmed
Priority | 1. Low
Type | Bug
Owners |
-----------------------------------------------------------------------
phyre at rogers.com (2006-05-08 10:51) wrote:
An e-mail containing:
Reply-To: <user at domain.com>
Appears in the message view with the 'Reply-To:' column visible [as it
should]; however, it does not parse/escape this field.
The result is a <user at domain.com> being embedded in the html of the message.
In theory, one could probably find a way to put html into the reply-to
address and mess with display or even add a security issue.
Ideally, the reply-to field should be shown as an e-mail link in the same
way that the from address should, and should not simply be copied into the
html of the page.
[note- this issue may affect other fields as well? Haven't looked into it
just yet, but <> in headers should always be changed to &lt;&gt;.
In this case, it'd be best to interpret it as an e-mail address however.
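The following is an added example, not code from the ticket or from IMP/Horde, showing the two behaviours the report contrasts: copying a header value verbatim into the page HTML versus parsing it as an address and rendering an escaped mailto link. It uses Python's standard library (`email.utils.getaddresses`, `html.escape`); the function names and the sample header values are constructed for the example.

```python
import html
from email.utils import getaddresses


def render_naive(raw_value: str) -> str:
    """The pattern the ticket describes: the raw header value is dropped
    straight into the page markup, so any markup inside it is live."""
    return "<td>Reply-To:</td><td>%s</td>" % raw_value


def render_address_header(raw_value: str) -> str:
    """Parse a From/Reply-To style header and render each address as an
    escaped mailto link. If any part fails to parse as a real address,
    fall back to showing the whole value as escaped text."""
    entries = getaddresses([raw_value])
    # Every entry must carry a plausible address; otherwise treat the
    # header as opaque text rather than guessing at its structure.
    if not entries or any("@" not in addr for _, addr in entries):
        return html.escape(raw_value)

    links = []
    for name, addr in entries:
        label = name if name else addr
        links.append(
            '<a href="mailto:%s">%s</a>'
            % (html.escape(addr, quote=True), html.escape(label))
        )
    return ", ".join(links)


if __name__ == "__main__":
    # Constructed sample values, including one that carries markup.
    for value in ["<user@domain.com>",
                  '"A & B" <ab@example.com>',
                  "<script>x</script>"]:
        print("naive :", render_naive(value))
        print("safe  :", render_address_header(value))
```

The fallback branch is the part worth copying: when the parser cannot find an address, the value is shown as text rather than being guessed at, which is what keeps a malformed or hostile header from ever reaching the page unescaped.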