Bug 421216

Summary: Notepad widget allows rich text to be pasted
Product: [Applications] kleopatra Reporter: Ian Schwarz <m_105>
Component: generalAssignee: Andre Heinecke <aheinecke>
Status: RESOLVED FIXED    
Severity: normal CC: kdepim-bugs, mutz
Priority: NOR    
Version: git master   
Target Milestone: ---   
Platform: Other   
OS: All   
Latest Commit: https://invent.kde.org/pim/kleopatra/commit/089ae0574b15bcabcf67aa8a01511864995ad870 Version Fixed In:
Sentry Crash Report:
Attachments: Rich text document with signed message

Description Ian Schwarz 2020-05-09 09:30:59 UTC 
Created attachment 128273 [details]
Rich text document with signed message

When posting from a rich text source (e.g. a browser or LibreOffice), Kleopatra's notepad widget will accept the formatting. For encrypted messages from such sources, verifying or decrypting may fail.

STEPS TO REPRODUCE
1. Download attached test file. It includes a PGP signed message with some formatting. I used this key to sign the message: https://keybase.io/iswz/pgp_keys.asc?fingerprint=618c5b0e104a3043b2fd520ad80a4cf9997f2abf
2. Copy and paste contents into Kleopatra's notepad and click "Decrypt / Verify Notepad".

OBSERVED RESULT

With certificate:
Ian Schwarz <ian@datacube.xyz> (D80A 4CF9 997F 2ABF)
The signature is invalid: Bad signature

EXPECTED RESULT

Signature created on Samstag, 9. Mai 2020 11:21:33 CEST
With certificate:
Ian Schwarz <ian@datacube.xyz> (D80A 4CF9 997F 2ABF)
The signature is valid.

Removing the formatting by pasting into Kate before pasting it into Kleopatra's notepad leads to the verification succeeding.

I have created a pull request on GitHub (https://github.com/KDE/kleopatra/pull/1), but since most KDE projects don't accept pull requests on GitHub, I am also posting it here.
Comment 1 Andre Heinecke 2020-06-08 13:35:03 UTC 
Git commit 089ae0574b15bcabcf67aa8a01511864995ad870 by Andre Heinecke.
Committed on 08/06/2020 at 13:33.
Pushed by aheinecke into branch 'master'.

Do not accept rich text in notepad

Accepting rich text breaks too often better to
convert to plain before this.
GnuPG-Bug-Id: T4969

M  +1    -0    src/view/padwidget.cpp

https://invent.kde.org/pim/kleopatra/commit/089ae0574b15bcabcf67aa8a01511864995ad870