From 8e71cd6e56e75fa8fba5660cf7657e6a60ae6341 Mon Sep 17 00:00:00 2001
From: Thomas McGuire <mcguire@kde.org>
Date: Wed, 18 Mar 2009 12:26:52 +0000
Subject: [PATCH] Merged revisions 940769 via svnmerge from
 svn+ssh://tmcguire@svn.kde.org/home/kde/branches/KDE/4.2/kdepim

........
  r940769 | tmcguire | 2009-03-18 10:26:57 +0100 (Wed, 18 Mar 2009) | 8 lines

  Backport r940115 by tmcguire from trunk to the 4.2 branch:

  Make sure HTMl messages can not overwrite the header.

  CCBUG: 96557
  CCBUG: 96020
........

svn path=/branches/kdepim/enterprise4/kdepim/; revision=940863
---
 objecttreeparser.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/objecttreeparser.cpp b/objecttreeparser.cpp
index c88d7263f..625cf61a6 100644
--- a/objecttreeparser.cpp
+++ b/objecttreeparser.cpp
@@ -253,6 +253,12 @@ namespace KMail {
       node->setProcessed( false, true );
     }
 
+    // Make sure the whole content is relative, so that nothing is painted over the header
+    // if a malicious message uses absolute positioning.
+    bool isRoot = ( node->parentNode() == 0 );
+    if ( isRoot && mReader )
+      htmlWriter()->queue( "<div style=\"position: relative\">\n" );
+
     for ( ; node ; node = node->nextSibling() ) {
       if ( node->processed() )
         continue;
@@ -300,6 +306,9 @@ namespace KMail {
       if ( showOnlyOneMimePart() )
         break;
     }
+
+    if ( isRoot && mReader )
+      htmlWriter()->queue( "</div>\n" );
   }
 
   void ObjectTreeParser::defaultHandling( partNode * node, ProcessResult & result ) {