https://bugs.kde.org/show_bug.cgi?id=488910
Bug ID: 488910
Summary: html rendering on information panel.
Classification: Applications
Product: dolphin
Version: unspecified
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: panels: information
Assignee: dolphin-bugs-n...@kde.org
Reporter: akberbadsh...@gmail.com
CC: kfm-de...@kde.org
Target Milestone: ---

Created attachment 170765
  --> https://bugs.kde.org/attachment.cgi?id=170765&action=edit
poc

SUMMARY
The information panel treats text/information like HTML, which leads to HTML injection through the file name.

STEPS TO REPRODUCE
1. Take one exFAT-formatted USB/drive.
2. Create a file on your Linux machine with the name `<h1>test` and copy this file.
3. Now go to the exFAT-formatted drive and paste the file.
4. It will give a warning that special characters in the file name will be replaced with an underscore, but it will also treat the file name as HTML and render it with the given HTML tag.

OBSERVED RESULT
HTML-rendered file name, which means HTML injection.

EXPECTED RESULT
Escaped file name, like other panels.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian GNU/Linux 12
(available in About System)
KDE Plasma Version: 5.27.5
KDE Frameworks Version: 5.103.0
Qt Version: 5.15.8

ADDITIONAL INFORMATION
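The expected result in the report (an escaped file name), shown as an added example that is not part of the original report and is not Dolphin's code: a Python sketch that builds the label string with and without escaping and audits file names for markup before they reach a rich-text widget. The function names, the `MARKUP` heuristic and the sample names are assumptions made for this illustration.

```python
import html
import os
import re

# Heuristic (constructed for this example): text a rich-text renderer could
# take for a tag such as "<h1>" or for an entity such as "&amp;".
MARKUP = re.compile(r"<\s*/?\s*[A-Za-z!][^>]*>|&#?\w+;")


def label_unescaped(name: str) -> str:
    """The flawed pattern: an untrusted file name pasted into rich text as-is."""
    return f"<b>Name:</b> {name}"


def label_escaped(name: str) -> str:
    """Expected behaviour: metacharacters become entities before display."""
    return f"<b>Name:</b> {html.escape(name, quote=True)}"


def has_markup(name: str) -> bool:
    return MARKUP.search(name) is not None


def audit_names(names):
    """Return (name, escaped form) for every name that carries markup."""
    return [(n, html.escape(n, quote=True)) for n in names if has_markup(n)]


def audit_tree(root: str):
    """Walk a mounted volume and audit every file and directory name."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name, escaped in audit_names(dirnames + filenames):
            found.append((os.path.join(dirpath, name), escaped))
    return found


# Constructed sample names; "<h1>test" is the one from the report.
SAMPLE = ["<h1>test", "notes.txt", "a < b.txt", "R&D.doc", "<u>draft.txt"]

if __name__ == "__main__":
    for name, escaped in audit_names(SAMPLE):
        print(f"{name!r} -> {escaped!r}")
    print(label_unescaped("<h1>test"))  # markup survives into the label
    print(label_escaped("<h1>test"))    # markup is shown as literal text
```
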