https://bugs.kde.org/show_bug.cgi?id=423020
Nate Graham <n...@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Latest Commit| |https://invent.kde.org/plas
| |ma/plasma-nm/commit/3c660d8
| |e20bdea80b3613c02320d1688b6
| |77ad98
Version Fixed In| |5.19.2
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #8 from Nate Graham <n...@kde.org> ---
Git commit 3c660d8e20bdea80b3613c02320d1688b677ad98 by Nate Graham.
Committed on 19/06/2020 at 01:15.
Pushed by ngraham into branch 'Plasma/5.19'.
[applet] Remove styled text support from list items
This fixes a security regression introduced with the ExpandableListItem
port which allowed styled text for the networ name. Unfortunately Qt's
styled text allows network access, and people could put malicious text
in SSID names.
The ExpandableListItem component has no way to allow styled text for the
subtitle but not the title, which is what the previous version did.
However styled text in the subtitle is only being used for colorizing
the arrows, which doesn't even work anymore because the colored arrows
get replaced with Emojis for most people now that distros are shipping
Emoji font support to make the Emoji Picker introduces in Plasma 5.18
work.
Because of this, we can fix the issue by turning off styled text support
entirely, and removing the arrow colorization. There won't even be any
visual changes for most people.
FIXED-IN: 5.19.2
M +1 -8 applet/contents/ui/ConnectionItem.qml
https://invent.kde.org/plasma/plasma-nm/commit/3c660d8e20bdea80b3613c02320d1688b677ad98
--
You are receiving this mail because:
You are watching all bug changes.
