[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential bug with image handling in MH 2.6.0?

On March 5, 2003 at 16:31, "Edward Wildgoose" wrote:

> I upgraded recently to 2.6.0 from a 2.4 version I think(?)  What I noticed
> is that some inline pictured pictures are being converted in a peculiar way.
...
> If you look at the very bottom picture (of a sailing boat), then the snippet
> of HTML from the original email is as follows (complete message available if
> it helps):
> 
> <DIV><FONT face=3DArial=20
> size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
> p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
> ;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
> nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
> bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
> sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
> <IMG style=3D"WIDTH: 213px; HEIGHT: 279px" height=3D827 alt=3D"" =
> hspace=3D0=20
> src=3D"cid:002701c23ee6$1fe5cfb0$0100007f@your9hpe8b9zly"; width=3D266 =
> align=3Dbaseline=20
> border=3D0></FONT></DIV>
> 
> 
> I am pretty sure that the previous version of MHonarc handled this peculiar
> chunk of HTML "correctly", ie as a proportionally resized picture.

The problem is subtle and it appears to be an inconsistency with
mail composer software (I guess Outlook Express in this case) and
not with MHonArc.  Let's look at the IMG tag again:

  <IMG style="WIDTH: 213px; HEIGHT: 279px" height=827 alt=""
  -------------------^^^------------^^^   --------^^^
       hspace=0 src="cid:002701c23ee6$1fe5cfb0$0100007f@your9hpe8b9zly";
       width=266 align=baseline border=0>
  -----------^^^

I decode the quoted-printable text so it is more reabable.  Take
a look at the width/height settings in the style attribute vs the
width/height attribute values.  They are different.  By default, MHonArc
strips out style attributes for security reasons (to prevent XSS
exploits).  Therefore, it just leaves the width and height attributes,
266x827.

In MHonArc 2.4, the style attribute was probably not stripped by
default, but later versions do strip it to avoid XSS exploits.

Take extreme caution if you are considering allowing scripting markup
in your archives.  To work-around the problem and to not open up
you archives to XSS vulnerabilities, some custom coding would need
to be done.

--ewh

---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mhonarc.org with the
message text UNSUBSCRIBE MHONARC-USERS
[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]