Summary | Reply To is not escaped properly |
Queue | IMP |
Queue Version | 4.1.1 |
Type | Bug |
State | Resolved |
Priority | 3. High |
Owners | Horde Developers (at) |
Requester | phyre (at) rogers (dot) com |
Created | 05/08/2006 (6971 days ago) |
Due | |
Updated | 05/10/2006 (6969 days ago) |
Assigned | 05/09/2006 (6970 days ago) |
Resolved | 05/10/2006 (6969 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Resolved
State ⇒ Feedback
State ⇒ Assigned
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ Reply To is not escaped properly
Queue ⇒ IMP
State ⇒ Unconfirmed
Reply-To: <user@domain.com>
Appears in the message view with the 'Reply-To:' column visible [as it
should] however does not parse/escape this field.
The result is a <user@domain.com> being embedded in the html of the
message. In theory, one could probably find a way to put html into
the reply-to address and mess with display or even add a security issue.
Ideally, the reply-to field should be shown as an e-mail link in the
same way that the from address should, and should not simply be copied
into the html of the page.
[note- this issue may affect other fields as well? Haven't looked
into it just yet, but <> in headers should always be changed to
&lt;&gt;.]
In this case, it'd be best to interpret it as an e-mail address however.
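An added illustration, not IMP's own code, of the two behaviours the report describes: copying the raw header straight into the page versus parsing it and rendering each address as an escaped mailto link. The function names and the sample header values are constructed for the example.

```python
import html
from email.utils import getaddresses
from urllib.parse import quote


def render_reply_to_unescaped(header_value: str) -> str:
    """Mirror the reported bug: the raw header text is pasted into the HTML.

    Any '<', '>' or '"' in the header survives into the page, so a crafted
    display name is interpreted as markup instead of being shown as text.
    """
    return header_value


def render_reply_to(header_value: str) -> str:
    """Render a Reply-To header as HTML-safe mailto links.

    The header is parsed into (display name, address) pairs first; each part
    is then escaped for the context it lands in: percent-encoding plus HTML
    attribute escaping for the href, HTML text escaping for the visible label.
    """
    links = []
    for name, addr in getaddresses([header_value]):
        if not addr:
            # Malformed or empty entries are dropped rather than echoed back.
            continue
        href = html.escape(quote(addr, safe="@._+-"), quote=True)
        label = html.escape(name or addr, quote=True)
        links.append(f'<a href="mailto:{href}">{label}</a>')
    return ", ".join(links)


if __name__ == "__main__":
    # Constructed sample headers: the plain case from the report and one
    # whose display name carries a harmless tag to show the escaping.
    for raw in ("<user@domain.com>", '"<b>x</b>" <user@domain.com>'):
        print("unescaped:", render_reply_to_unescaped(raw))
        print("escaped:  ", render_reply_to(raw))
```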