Bug 340689

Summary: HTML Injection in the preview window
Product: [Unmaintained] plasma4 Reporter: tesfabpel
Component: widget-taskbarAssignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: hein
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: http://commits.kde.org/plasma-desktop/906bc6648960135245b55977d45a412893fefca6 Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Screenshot of the problem
Another screenshot of the problem

Description tesfabpel 2014-11-06 17:31:17 UTC 
When you hover an item in the taskbar, a preview with the window's miniature appear along with the window's title.

If in the title there are HTML tags they will be interpreted as well and the result may be weird...


Reproducible: Always

Steps to Reproduce:
1. Hover an item in the taskbar with HTML tags in the title
2. A preview with the window's miniature appear along with the window's title

Actual Results:  
The HTML tags in the window's title are interpreted and not escaped.

Expected Results:  
The window's title should be HTML-escaped first.
Comment 1 tesfabpel 2014-11-06 17:34:11 UTC 
Created attachment 89479 [details]
Screenshot of the problem
Comment 2 tesfabpel 2014-11-06 17:44:27 UTC 
Created attachment 89480 [details]
Another screenshot of the problem
Comment 3 Eike Hein 2014-11-06 17:46:12 UTC 
Git commit 906bc6648960135245b55977d45a412893fefca6 by Eike Hein.
Committed on 06/11/2014 at 17:44.
Pushed by hein into branch 'Plasma/5.1'.

Don't parse window titles as rich text.

M  +3    -0    applets/taskmanager/package/contents/ui/ToolTipDelegate.qml

http://commits.kde.org/plasma-desktop/906bc6648960135245b55977d45a412893fefca6