-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignore meta refresh in HTML mails #712
Comments
This will be fixed in the next major stable version. |
This still appears to break on master. Not sure why this was closed? |
Works for me. Tested with master as of 833e1cc |
I have just installed K9 5.010 from play-store and tried emailprivacytester and it still opened the web-page - am I miss-understanding something here or should this issue still be open? |
They refer to this being fixed with "the next major stable version" which hasn't happened yet. I haven't found out when one is expected. /Alexander On July 8, 2016 3:46:56 PM GMT+02:00, donid notifications@github.com wrote:
|
Oh, since this issue is older than 12 months, I thought there must have been a major release. That's a pity - german c't magazine has criticized this behavior of K9 already in 2013 (Issue 25 Page 104 E-Mail client comparison) in addition to a man-in-the-middle vulnerability (I don't know, if that has been fixed). So, I guess I will have to find a different mail-client until a new major version is released. |
Hello all together.
Today i've tried https://emailprivacytester.com/ to test the privacy leaks of my mail programs. K-9 was also tested and it turns out, that if you open a mail with a html meta refresh in it, it opens the desired URL fully automaticly with the default browser.
I don't know if this is a desired behaviour but i think, it is a huge potential risk for every user.
Maybe you can bind the loading of meta-tags with the request if a user wants to load pictures?
Greetings, sqozz
The text was updated successfully, but these errors were encountered: