https://bugs.kde.org/show_bug.cgi?id=405593
Bug ID: 405593
Summary: Notification content is parsed and rendered as HTML
Product: plasmashell
Version: 5.15.3
Platform: Archlinux Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: Notifications
Assignee: k...@privat.broulik.de
Reporter: mue...@gmail.com
CC: plasma-b...@kde.org
Target Milestone: 1.0
SUMMARY
Notification content is parsed, interpreted and rendered as HTML. This results
in various applications breaking notifications, trying to show a message that
contains the character "<", for example:
"Notification Test <gotcha - You can't see this"
This also sounds like a bit of a security risk: essentially I can trigger
rendering bugs (just thinking of WebKit's security track record) by sending
people direct messages now, which will cause HTML content to be rendered on
their systems.
--
You are receiving this mail because:
You are watching all bug changes.
