https://bugs.kde.org/show_bug.cgi?id=422616
JanKusanagi changed:
What|Removed |Added
CC||jan-b...@gmx.co.uk
--- Comment #9 from
https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #8 from Konrad Materka ---
(In reply to David Edmundson from comment #4)
> > "textFormat: Text.AutoText",
>
> has been repeatedly problematic with regards to security.
>
> It'll process http://...; and for us loading any network
https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #7 from Konrad Materka ---
*** Bug 423125 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=422616
Piotr Mierzwinski changed:
What|Removed |Added
CC||piotr.mierzwin...@gmail.com
--- Comment #6
https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #5 from Nate Graham ---
Perhaps we could use Text.StyledText instead? That would allow applets to use
some basic styling without the performance and security issues associated with
Text.AutoText. Or does StyledText still allow external and
https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #4 from David Edmundson ---
> "textFormat: Text.AutoText",
has been repeatedly problematic with regards to security.
It'll process http://...; and for us loading any network request
without user expectation is frowned upon.
--
You
https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #3 from Konrad Materka ---
Both affected apps are 3rd-party, using SNI (not an applet/plasmoid). Several
apps are using HTML in tooltips.
System tray uses PlasmaCore.ToolTipArea and relays on "textFormat:
Text.AutoText", for SNI icons -
https://bugs.kde.org/show_bug.cgi?id=422616
Nate Graham changed:
What|Removed |Added
Version|master |5.71.0
Target Milestone|1.0
