A new bug discovered in Gmail affects the web app’s user experience by hiding the source address of an email, a situation that comes with an obvious potential for abuse.
Tampering with the ‘From:’ header by replacing some text with an <object>, <script> or <img> tag causes the interface to show a blank space instead of the sender’s address.
Bug makes sender info really hard to find
Software developer Tim Cotten found that Gmail fails to show the source of the message in areas that most users rely on to find this type of information.
According to his research, when Gmail handles a ‘From:’ header malformed in a specific way, it leaves the space where the sender’s details are typically shown unpopulated, so only the subject line is present for that entry.
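A check of this kind can run at a mail gateway or in a triage script to surface messages whose ‘From:’ header carries one of the tags named above or yields no usable sender address. This is an added example, not code from the article or from Gmail; the function name, the finding strings and the sample messages are assumptions constructed for illustration, and the samples are not claimed to reproduce the display bug.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Tag names come from the article; the lookahead avoids flagging <img@example.com>.
SUSPECT_TAG = re.compile(r"<\s*/?\s*(object|script|img)(?=[\s/>])", re.IGNORECASE)
# Deliberately loose addr-spec shape: local@domain.tld with no brackets or spaces.
ADDR_SPEC = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")


def audit_from_header(raw_message):
    """Return findings for the From: header(s) of one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    values = [str(v) for v in msg.get_all("From", [])]
    if not values:
        return ["missing From: header"]
    findings = []
    for value in values:
        if SUSPECT_TAG.search(value):
            findings.append("HTML tag in From: header")
        # Keep only parsed entries that look like a real mailbox address.
        mailboxes = [a for _, a in getaddresses([value]) if ADDR_SPEC.match(a)]
        if not mailboxes:
            findings.append("no parseable sender address")
    return findings


# Constructed sample messages (not taken from the article or from real mail).
CLEAN = "From: Img Team <img@example.com>\nSubject: Report\n\nbody\n"
TAGGED = 'From: "<img>" <sender@example.com>\nSubject: Report\n\nbody\n'
NO_ADDRESS = "From: <script>\nSubject: Report\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("tagged", TAGGED), ("no-address", NO_ADDRESS)]:
        print(name, audit_from_header(raw))
```

Messages with findings are candidates for quarantine or for a banner that shows the envelope sender, since the recipient may see no sender at all in the list view.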