Ignore meta refresh in HTML mails

[sqozz]

Hello all together.
Today i've tried https://emailprivacytester.com/ to test the privacy leaks of my mail programs. K-9 was also tested and it turns out, that if you open a mail with a html meta refresh in it, it opens the desired URL fully automaticly with the default browser.
I don't know if this is a desired behaviour but i think, it is a huge potential risk for every user.
Maybe you can bind the loading of meta-tags with the request if a user wants to load pictures?

Greetings, sqozz

[cketti]

This will be fixed in the next major stable version.

#529

[philipwhiuk]

This still appears to break on master. Not sure why this was closed?

[cketti]

Works for me. Tested with master as of 833e1cc

[donid]

I have just installed K9 5.010 from play-store and tried emailprivacytester and it still opened the web-page - am I miss-understanding something here or should this issue still be open?

[hallexander]

They refer to this being fixed with "the next major stable version" which hasn't happened yet. I haven't found out when one is expected.

/Alexander

On July 8, 2016 3:46:56 PM GMT+02:00, donid notifications@github.com wrote:

I have just installed K9 5.010 from play-store and tried
emailprivacytester and it still opened the web-page - am I
miss-understanding something here or should this issue still be open?

---

You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#712 (comment)

[donid]

Oh, since this issue is older than 12 months, I thought there must have been a major release. That's a pity - german c't magazine has criticized this behavior of K9 already in 2013 (Issue 25 Page 104 E-Mail client comparison) in addition to a man-in-the-middle vulnerability (I don't know, if that has been fixed). So, I guess I will have to find a different mail-client until a new major version is released.
Thanks