| Summary: | KTorrent doesn't escape HTML in torrent metadata | ||
|---|---|---|---|
| Product: | [Applications] ktorrent | Reporter: | Nagy Tibor <xnagytibor> |
| Component: | general | Assignee: | Joris Guisson <joris.guisson> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | ulterno |
| Priority: | NOR | ||
| Version First Reported In: | 21.08.3 | ||
| Target Milestone: | --- | ||
| Platform: | Neon | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: |
Screenshot
Screenshot (tooltips) Screenshot (torrent groups) |
||
Created attachment 143272 [details]
Screenshot (tooltips)
Torrent name tooltips are also affected by this.
Created attachment 143278 [details]
Screenshot (torrent groups)
I know it's not metadata but the custom torrent groups feature is also plagued by this.
Confirmed in master. Thankfully, the places where this happens, it doesn't seem to be downloading http resources. Problematically, the Info tab (where the comment is shown) has neither a scroll-space nor a height restriction, meaning, if you use too large a picture for testing the bug, it will cause the whole window to get out of the screen and not even maximising the window will help. We need an "Esc" to close the bottom panels. BUG:502921 Also, while reproducing this bug in master, I came across BUG:502919 |
Created attachment 143270 [details] Screenshot SUMMARY KTorrent currently doesn't escape HTML from the torrents' comment metadata field. This is not a great idea. SOFTWARE/OS VERSIONS Operating System: KDE neon 5.23 KDE Plasma Version: 5.23.2 KDE Frameworks Version: 5.87.0 Qt Version: 5.15.3 Graphics Platform: X11