Premise:
As I'm changing the icon of my Application Menu in KDE, I opened the "Select Icon" dialog, I chose "Other icons", and "Browse". I get the Dolphin version of the "common open file dialog".

This dialog opens my home folder. In my home folder I have a sub-directory. This sub-directory contains a HTML file. The HTML file contains only a `<video>` tag with attribute `autoplay="true" loop="true" src="[..]`. (In my case `<video id="vidBanner" class="banner" autoplay="true" loop="true" src="https://static1.squarespace.com/static/5b5f03d47c93279793af2d46/t/5b86591bb8a045dcb8664a1c/1535531301739/short+commercial.mp4"></video>`)

Problem:
Dolphin's "common open file dialog" starts playing the video. I was baffled as sound was playing and I had no idea where it was coming from. I thought I was hacked or something.

If I remove the HTML file containing the `<video>`-tag, all behaves normal again.

The processes involved: thumbnail.so -> QtWebEngineProcess.

If video is being executed within the web page, I wonder what more can be executed.. and possibly exploited..
I have filed this bug as 'major' because I don't know how severe this issue actually is.. feel free to scale the severity down.

I'm using most recent version of KDE Neon 5.12.6, Frameworks 5.49.0, Qt 5.11.1.