[dolphin] [Bug 480190] Dolphin QML HTML injection

Jonathan Marten Wed, 07 Feb 2024 00:51:37 -0800

https://bugs.kde.org/show_bug.cgi?id=480190


Jonathan Marten <j...@keelhaul.me.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |j...@keelhaul.me.uk

--- Comment #3 from Jonathan Marten <j...@keelhaul.me.uk> ---
Created attachment 165640
  --> https://bugs.kde.org/attachment.cgi?id=165640&action=edit
Example screen shot

Maybe what the reporter means is that it is possible to inject HTML into the
error message displayed when a file or folder does not exist, as shown in the
screen shot if Dolphin is started with the command line

   dolphin "<img src='file:/tmp/kde.png'/><br><H1>HTML Injection</h1>" 

However, there is no obvious exploit either remotely or by viewing an exploit
file name or file contents, so it is not likely to be a securiry risk.

-- 
You are receiving this mail because:
You are watching all bug changes.

[dolphin] [Bug 480190] Dolphin QML HTML injection

Reply via email to