Summary: | [icq] raw html not escaped on receipt | ||
---|---|---|---|
Product: | [Unmaintained] kopete | Reporter: | Gunter Ohrner <kdebugs> |
Component: | ICQ and AIM Plugins | Assignee: | Kopete Developers <kopete-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | j_schaef, silver |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Debian testing | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Gunter Ohrner
2005-03-24 18:57:58 UTC
This problem is protocol dependent. Can you say with which protocol you observed this beaviour? Sorry, I didn't know. It happened with ICQ (Oscar Plugin). Kopete even shows complete HTML forms in the chat window if HTML-code is entered on the remote side. Looks funky. ;) I could imagine that this might become a potential security hole if specially crafted HTML-whatever-code is sent to Kopete... Greetings, Gunter sometimes i wish we didn't use an HTML widget to display things... CVS commit by mattr: Use escaped body all the time. Fixes bug 102383 CCBUG: 102383 M +1 -4 oscarcontact.cpp 1.171 --- kdenetwork/kopete/protocols/oscar/oscarcontact.cpp #1.170:1.171 @@ -183,7 +183,4 @@ void OscarContact::slotSendMsg( Kopete:: Oscar::Message message; - if ( account()->engine()->isIcq() ) - message.setText( msg.plainBody() ); - else message.setText( msg.escapedBody() ); CVS commit by mattr: Use the escaped body of the message all the time. Fixes #102383. The fix will be in KDE 3.4.1 BUG: 102383 M +1 -4 oscarcontact.cpp 1.166.4.4 --- kdenetwork/kopete/protocols/oscar/oscarcontact.cpp #1.166.4.3:1.166.4.4 @@ -183,7 +183,4 @@ void OscarContact::slotSendMsg( Kopete:: Oscar::Message message; - if ( account()->engine()->isIcq() ) - message.setText( msg.plainBody() ); - else message.setText( msg.escapedBody() ); *** Bug 102333 has been marked as a duplicate of this bug. *** *** Bug 111928 has been marked as a duplicate of this bug. *** |