https://bugs.documentfoundation.org/show_bug.cgi?id=121711
Bug ID: 121711
Summary: LibreOffice apparently executes embedded website code
Product: LibreOffice
Version: 6.1.3.2 release
Hardware: All
OS: Linux (All)
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: Writer
Assignee: [email protected]
Reporter: [email protected]
Description:
I have an ODT document created from a web page years ago by using copy & paste.
When I open the ODT document now with LibreOffice 6.1.3.2 as of Debian Buster
(testing) 6.1.3-1, I get two error dialog popups "Error: General Error. General
input/output error." which lack any useful information. In the LibreOficce
document history I can see that LO tried to open a document named
"http:tweet_button.<hexadecimal code>.html".
I need to add that this behaviour is quite new, older versions of LibreOffice
apparently ignored the embedded code (which I can determine from the time to
load and display the document and, there was no error message).
I can only conclude that LibreOffice has tried to execute certain parts of
invisibly embedded JavaScript code or comparable code mechanisms.
Which is categorically undesirable. Copy & Paste should not embed active code.
ODT should not execute embedded website code which is unsuitable in office
documents.
Steps to Reproduce:
1. Load document.
2.
3.
Actual Results:
Waiting time. Two error pop-up dialogs. File history: Attempted tweet button
document load.
Expected Results:
Active elements (code) should be ignored in ODT loading.
Reproducible: Always
User Profile Reset: No
OpenGL enabled: Yes
Additional Info:
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
