Package: geany-plugin-markdown
Version: 1.37+dfsg-6
Severity: important

Dear maintainer,

When rendering external references, see example below, the markdown
plugin happily connects to the network to fetch that resource. I
consider this a privacy issue, also that might result in different
appearance in different places, and if things go horribly wrong, remote
code execution via malicious content.

How to repeat:

Enter the following text in a document named .md:

    ![debian](https://www.debian.org/Pics/debian-logo-1024x576.png)

Check the "Markdown Preview"

Expected: A placeholder, possibly a warning about external references
and an option to resolve them. Possibly somewhat like the Thunderbird
mail client does.

Got: The Debian logo as received from that website.

There should be a configuration item that controls the behaviour of
fetching external content. If it already exists, it is well hidden. And
the default should be to *not* fetch data.

Regards,

    Christoph

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
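
The default the report asks for (a placeholder instead of a network fetch), shown as a filter applied to the Markdown text before it reaches the preview. This is an added example, not part of the original report and not the plugin's code; `block_remote_images`, the placeholder wording, the `about:blank` substitution and the `example.invalid` hosts are assumptions made for illustration.

```python
import re

URL = r"https?://[^\s\"'<>)]+"  # only http(s) URLs are treated as remote here

# ![alt](url "title")
INLINE_IMG = re.compile(r"!\[([^\]]*)\]\(\s*<?(" + URL + r")>?[^)]*\)", re.I)
# ![alt][label], ![alt][] or ![label], but not an inline ![alt](...)
REF_IMG = re.compile(r"!\[([^\]]*)\](?:\[([^\]]*)\])?(?!\()")
# [label]: url
REF_DEF = re.compile(r"^( {0,3}\[([^\]]+)\]:[ \t]*)<?(" + URL + r")>?.*$", re.I | re.M)
# raw HTML such as <img src="url">
HTML_SRC = re.compile(r"(\bsrc\s*=\s*[\"']?)(" + URL + r")", re.I)

# Constructed sample input; only the first line is taken from the report.
SAMPLE = """\
![debian](https://www.debian.org/Pics/debian-logo-1024x576.png)
![local](pics/local.png)
![tracker][px] and a normal [link][home]

[px]: http://tracker.example.invalid/p.gif
[home]: https://home.example.invalid/
<img src="https://cdn.example.invalid/a.png">
"""

def block_remote_images(markdown):
    """Return (filtered_markdown, blocked_urls); nothing is fetched."""
    blocked = []
    def inline(m):
        blocked.append(m.group(2))
        return "[blocked remote image: %s]" % (m.group(1) or m.group(2))
    text = INLINE_IMG.sub(inline, markdown)
    # Labels that reference-style images point at; plain links are left alone.
    labels = {(m.group(2) or m.group(1)).strip().lower()
              for m in REF_IMG.finditer(text)}
    def ref_def(m):
        if m.group(2).strip().lower() not in labels:
            return m.group(0)  # definition used only by links: no fetch on render
        blocked.append(m.group(3))
        return m.group(1) + "about:blank"
    text = REF_DEF.sub(ref_def, text)
    def html_src(m):
        blocked.append(m.group(2))
        return m.group(1) + "about:blank"
    return HTML_SRC.sub(html_src, text), blocked

if __name__ == "__main__":
    filtered, urls = block_remote_images(SAMPLE)
    print(filtered)
    print("blocked:", urls)
```

The list of blocked URLs is what a preview could show in a warning with an option to load them. The filter covers only the three forms named in its comments; other ways for rendered HTML to load remote resources are not handled.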
