445062 – KTorrent doesn't escape HTML in torrent metadata

Bug 445062 - KTorrent doesn't escape HTML in torrent metadata

Summary: KTorrent doesn't escape HTML in torrent metadata

Status:	REPORTED

Alias:	None

Product:	ktorrent
Classification:	Applications
Component:	general (show other bugs)
Version:	21.08.3
Platform:	Neon Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Joris Guisson

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-11-06 06:43 UTC by Nagy Tibor
Modified:	2021-11-06 11:47 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Screenshot (460.83 KB, image/png) 2021-11-06 06:43 UTC, Nagy Tibor	Details
Screenshot (tooltips) (491.60 KB, image/png) 2021-11-06 07:47 UTC, Nagy Tibor	Details
Screenshot (torrent groups) (488.12 KB, image/png) 2021-11-06 11:47 UTC, Nagy Tibor	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nagy Tibor 2021-11-06 06:43:33 UTC

Created attachment 143270 [details]
Screenshot

SUMMARY
KTorrent currently doesn't escape HTML from the torrents' comment metadata field. This is not a great idea.

SOFTWARE/OS VERSIONS
Operating System: KDE neon 5.23
KDE Plasma Version: 5.23.2
KDE Frameworks Version: 5.87.0
Qt Version: 5.15.3
Graphics Platform: X11

Comment 1 Nagy Tibor 2021-11-06 07:47:41 UTC

Created attachment 143272 [details]
Screenshot (tooltips)

Torrent name tooltips are also affected by this.

Comment 2 Nagy Tibor 2021-11-06 11:47:36 UTC

Created attachment 143278 [details]
Screenshot (torrent groups)

I know it's not metadata but the custom torrent groups feature is also plagued by this.