Bug 340689 - HTML Injection in the preview window
Summary: HTML Injection in the preview window
Status: RESOLVED FIXED
Alias: None
Product: plasma4
Classification: Plasma
Component: widget-taskbar (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-11-06 17:31 UTC by tesfabpel
Modified: 2014-11-06 17:46 UTC (History)
1 user (show)

See Also:
Latest Commit: http://commits.kde.org/plasma-desktop/906bc6648960135245b55977d45a412893fefca6
Version Fixed In:

Attachments
Screenshot of the problem (81.88 KB, image/png)
2014-11-06 17:34 UTC, tesfabpel 		Details
Another screenshot of the problem (34.30 KB, image/png)
2014-11-06 17:44 UTC, tesfabpel 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description tesfabpel 2014-11-06 17:31:17 UTC 
When you hover an item in the taskbar, a preview with the window's miniature appear along with the window's title.

If in the title there are HTML tags they will be interpreted as well and the result may be weird...


Reproducible: Always

Steps to Reproduce:
1. Hover an item in the taskbar with HTML tags in the title
2. A preview with the window's miniature appear along with the window's title

Actual Results:  
The HTML tags in the window's title are interpreted and not escaped.

Expected Results:  
The window's title should be HTML-escaped first.
Comment 1 tesfabpel 2014-11-06 17:34:11 UTC 
Created attachment 89479 [details]
Screenshot of the problem
Comment 2 tesfabpel 2014-11-06 17:44:27 UTC 
Created attachment 89480 [details]
Another screenshot of the problem
Comment 3 Eike Hein 2014-11-06 17:46:12 UTC 
Git commit 906bc6648960135245b55977d45a412893fefca6 by Eike Hein.
Committed on 06/11/2014 at 17:44.
Pushed by hein into branch 'Plasma/5.1'.

Don't parse window titles as rich text.

M  +3    -0    applets/taskmanager/package/contents/ui/ToolTipDelegate.qml

http://commits.kde.org/plasma-desktop/906bc6648960135245b55977d45a412893fefca6