This can be observed in Dolphin 4.11.3 when a local HTML file is previewed which includes resources not on the local file system, such as inline images. The remote network resources are retrieved. Reproducible: Always Actual Results: The requests can be seen in a packet sniffer or, if errors occur retrieving files for the preview, on the TTY from which Dolphin was launched or a message in an error window. I forget which. The error messages are issued by kio_thumbnail . Expected Results: Resources on non local file systems should not be retrieved. Among the reasons is that it a security compromise, leaking information by unintended network requests. The user does not expect network retrievals to happen when browsing folders which may contain saved HTML files. The retrievals could be restricted to being on the same FS as the HTML file. Where the HTML file is retrieved over the network, it would be best to restrict retrievals to the same protocol and host. Alternatively, previewing an HTML file could not initiate retrieval of other files. Since this is a security issue, I've marked this report as 'major' severity.
I think this is the expected behavior. What if my html file uses a remote css file for styling? The thumbnail won't look anything like the page rendered in a browser. I'm also not sure if this is such a big security concern, it 'leaks' the same information as if you would open it in firefox. But I agree it's not ideal. Thank you for looking into this.
The HTML thumbnailer has been removed completely: https://phabricator.kde.org/D15095