Version: (using KDE KDE 3.4.0) Installed from: Debian testing/unstable Packages OS: Linux Hi! Kopete does not seem to HTML-escape incoming chat messages, interpreting arbitrary HTML send by another client. Tested with another Kopete and LICQ CVS on the "remote end", "<" and ">" brackets sent to my and any text between is swallowed while a HTML entity referencre entered in the remote client (eg. ü) is displayed as the corresponding character by my kopete... Greetings, Gunter
This problem is protocol dependent. Can you say with which protocol you observed this beaviour?
Sorry, I didn't know. It happened with ICQ (Oscar Plugin). Kopete even shows complete HTML forms in the chat window if HTML-code is entered on the remote side. Looks funky. ;) I could imagine that this might become a potential security hole if specially crafted HTML-whatever-code is sent to Kopete... Greetings, Gunter
sometimes i wish we didn't use an HTML widget to display things...
CVS commit by mattr: Use escaped body all the time. Fixes bug 102383 CCBUG: 102383 M +1 -4 oscarcontact.cpp 1.171 --- kdenetwork/kopete/protocols/oscar/oscarcontact.cpp #1.170:1.171 @@ -183,7 +183,4 @@ void OscarContact::slotSendMsg( Kopete:: Oscar::Message message; - if ( account()->engine()->isIcq() ) - message.setText( msg.plainBody() ); - else message.setText( msg.escapedBody() );
CVS commit by mattr: Use the escaped body of the message all the time. Fixes #102383. The fix will be in KDE 3.4.1 BUG: 102383 M +1 -4 oscarcontact.cpp 1.166.4.4 --- kdenetwork/kopete/protocols/oscar/oscarcontact.cpp #1.166.4.3:1.166.4.4 @@ -183,7 +183,4 @@ void OscarContact::slotSendMsg( Kopete:: Oscar::Message message; - if ( account()->engine()->isIcq() ) - message.setText( msg.plainBody() ); - else message.setText( msg.escapedBody() );
*** Bug 102333 has been marked as a duplicate of this bug. ***
*** Bug 111928 has been marked as a duplicate of this bug. ***