https://bugs.kde.org/show_bug.cgi?id=379294
Martin Sandsmark <martin.sandsm...@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #12 from Martin Sandsmark <martin.sandsm...@kde.org> ---
> That said, even if untrusted text can display unfiltered hyperlinks, it's not
> more dangerous than a website as long as dangerous URLs are not automatically
> opened.
The whole point of the feature is to decouple what people see and what URL is
opened.
I think the fundamental difference between Egmont and me is where security
issues should be handled. I believe Konsole should be robust against even very
dumb issues in all other parts of the system (from applications showing URLs,
via applications that handle file:// or http{,s}:// URLs, to users).
For everything else I agree with Egmont, Konsole (nor other terminal emulators)
shouldn't try to implement hacks to work around bugs in applications. But when
it comes to security I'm a bit more conservative, and default to assume that
everything else is broken. Including users not checking that the URL they
thought they clicked is the one they ended up with in the browser.
And Konsole has also been a bit conservative wrt. security vs. features in the
past, hence why it has avoided some issues in the past
(https://www.hdm.io/writing/termulation.txt is probably the most famous,
hitting everything from xterm to gnome-terminal). And also why e. g. Konsole
has an annoying popup when you try to paste something with weird characters (it
has stopped warning about emojis at least): https://georg.so/pub/cat.html
Aaaanywho, Tomaz' implementation has been merged, so closing this as done.
--
You are receiving this mail because:
You are watching all bug changes.
