Make unexpected data leak harder via reply.
ObjectTreeParser.htmlContent/plainTextContent may concats different encrypted parts without the user noticing it. That would lead to a Decryption oracle. We have already a logic to find the topleveltextNode in MimeTreeParser, this does not take HTML nodes into account nor that TEXT nodes may have several PGP Inline blocks. That plaintextContent for HtmlMessagePart is not return QString(), that bubbled up by testing the stuff. BUG: 404698
parent
676893d2
Please register or sign in to comment