https://bugs.kde.org/show_bug.cgi?id=382243
Bug ID: 382243
Summary: Does not sanitize HTML in device names
Product: kdeconnect
Version: 1.5
Platform: openSUSE RPMs
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: NOR
Component: common
Assignee: albertv...@gmail.com
Reporter: fab...@ritter-vogt.de
Target Milestone: ---
By calling my device "<h1>BIG FONT</h1>" and sending unauthorized pings to
other devices, they parse and display it as HTML. Works with img, a, etc. as
well.
This affects every place where the label is displayed (notification, label in
the kcm, plasmoid), except the list of available devices in the kcm.
--
You are receiving this mail because:
You are watching all bug changes.
