Review Request: So master isn't frozen anymore...

Nikita Skovoroda chalkerx at gmail.com
Sat Sep 1 23:42:58 UTC 2012



> On Sept. 1, 2012, 11:40 p.m., Nikita Skovoroda wrote:
> > I just had a quick look at the YouTube filter and it has some bugs.
> > 
> > Try these URLs:
> > http://youtube.com/watch?v=somevideoid — does not get parsed?
> > http://www.youtube.com/html5 — does get parsed? error inside an iframe?
> > http://www.youtube.com/watch?v=%22%3E_scary_escaped_html_code_here — this is a security bug!

I can inject any HTML/JS inside the ktp-text-ui tab by constructing a YouTube link like the third one, including loading of an external page or JavaScript.


- Nikita


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/106083/#review18416
-----------------------------------------------------------
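
The three URLs from the report above, run through a strict matcher that only ever emits a validated video id. This is an added example, not part of the original e-mail and not code from ktp-text-ui. It uses standard C++ rather than Qt, and the function names, the iframe/embed output form and the 32-character length bound are assumptions.

```cpp
// Added example: helper names are hypothetical, not taken from youtube-filter.cpp.
#include <algorithm>
#include <cctype>
#include <regex>
#include <string>

// Decode %XX escapes so validation sees the bytes the HTML view would receive.
std::string percentDecode(const std::string &in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) &&
            std::isxdigit((unsigned char)in[i + 2])) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else {
            out += in[i];
        }
    }
    return out;
}

// Return the video id only for youtube.com/watch?v=<id> links (with or without
// "www.") whose decoded id is purely [A-Za-z0-9_-]; return "" for anything else.
std::string extractVideoId(const std::string &url) {
    static const std::regex watchUrl(R"(^https?://(www\.)?youtube\.com/watch\?([^#]*))");
    static const std::regex vParam(R"((^|&)v=([^&]*))");
    std::smatch m, q;
    if (!std::regex_search(url, m, watchUrl)) return "";
    const std::string query = m[2].str();
    if (!std::regex_search(query, q, vParam)) return "";
    const std::string id = percentDecode(q[2].str());
    const bool ok = !id.empty() && id.size() <= 32 &&  // length bound is an assumption
        std::all_of(id.begin(), id.end(), [](unsigned char c) {
            return std::isalnum(c) || c == '_' || c == '-';
        });
    return ok ? id : std::string();
}

// Build the embed markup from the validated id only, never from the raw URL.
std::string embedHtml(const std::string &url) {
    const std::string id = extractVideoId(url);
    if (id.empty()) return "";  // caller leaves the message text unchanged
    return "<iframe src=\"https://www.youtube.com/embed/" + id + "\"></iframe>";
}
```

Because the id is checked after percent-decoding and against an allowlist, the third URL yields no markup at all instead of relying on escaping at output time.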


On Aug. 19, 2012, 10:29 a.m., Lasath Fernando wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/106083/
> -----------------------------------------------------------
> 
> (Updated Aug. 19, 2012, 10:29 a.m.)
> 
> 
> Review request for Telepathy.
> 
> 
> Description
> -------
> 
> Right, so here's a big fat review containing many many things, including all the remaining plugins and a few tweaks to Message.
> 
> As per usual, all the code is in my scratch repo: http://quickgit.kde.org/index.php?p=clones%2Fktp-text-ui%2Ffernando%2Fgsoc.git&a=summary
> 
> Now, I'm going to take a well earned nap.
> 
> 
> Diffs
> -----
> 
>   filters/CMakeLists.txt ee7c23d 
>   filters/bugzilla/CMakeLists.txt PRE-CREATION 
>   filters/bugzilla/bugzilla-filter.h PRE-CREATION 
>   filters/bugzilla/bugzilla-filter.cpp PRE-CREATION 
>   filters/bugzilla/ktptextui_message_filter_bugzilla.desktop PRE-CREATION 
>   filters/highlight/CMakeLists.txt PRE-CREATION 
>   filters/highlight/highlight-filter.h PRE-CREATION 
>   filters/highlight/highlight-filter.cpp PRE-CREATION 
>   filters/highlight/ktptextui_message_filter_highlight.desktop PRE-CREATION 
>   filters/latex/CMakeLists.txt PRE-CREATION 
>   filters/latex/ktp_message_filter_latex_converter.sh PRE-CREATION 
>   filters/latex/ktptextui_message_filter_latex.desktop PRE-CREATION 
>   filters/latex/latex-filter.h PRE-CREATION 
>   filters/latex/latex-filter.cpp PRE-CREATION 
>   filters/pipes/CMakeLists.txt PRE-CREATION 
>   filters/pipes/kcm_ktp_filter_config_pipes.desktop PRE-CREATION 
>   filters/pipes/ktptextui_message_filter_pipes.desktop PRE-CREATION 
>   filters/pipes/pipes-config.h PRE-CREATION 
>   filters/pipes/pipes-config.cpp PRE-CREATION 
>   filters/pipes/pipes-config.ui PRE-CREATION 
>   filters/pipes/pipes-delegate.h PRE-CREATION 
>   filters/pipes/pipes-delegate.cpp PRE-CREATION 
>   filters/pipes/pipes-filter.h PRE-CREATION 
>   filters/pipes/pipes-filter.cpp PRE-CREATION 
>   filters/pipes/pipes-model.h PRE-CREATION 
>   filters/pipes/pipes-model.cpp PRE-CREATION 
>   filters/pipes/pipes-prefs.h PRE-CREATION 
>   filters/pipes/pipes-prefs.cpp PRE-CREATION 
>   filters/pipes/pipes-prefstest.h PRE-CREATION 
>   filters/pipes/pipes-prefstest.cpp PRE-CREATION 
>   filters/substitution/CMakeLists.txt PRE-CREATION 
>   filters/substitution/kcm_ktp_filter_config_substitution.desktop PRE-CREATION 
>   filters/substitution/ktptextui_message_filter_substitution.desktop PRE-CREATION 
>   filters/substitution/substitution-config.h PRE-CREATION 
>   filters/substitution/substitution-config.cpp PRE-CREATION 
>   filters/substitution/substitution-config.ui PRE-CREATION 
>   filters/substitution/substitution-filter.h PRE-CREATION 
>   filters/substitution/substitution-filter.cpp PRE-CREATION 
>   filters/substitution/substitution-prefs.h PRE-CREATION 
>   filters/substitution/substitution-prefs.cpp PRE-CREATION 
>   filters/youtube/CMakeLists.txt PRE-CREATION 
>   filters/youtube/ktptextui_message_filter_youtube.desktop PRE-CREATION 
>   filters/youtube/youtube-filter.h PRE-CREATION 
>   filters/youtube/youtube-filter.cpp PRE-CREATION 
>   lib/abstract-message-filter.h 7b60d48 
>   lib/abstract-message-filter.cpp 2a3a897 
>   lib/message.h ef9530b 
>   lib/message.cpp 6db648e 
>   tests/message-processor-basic-tests.h 7dc99e4 
>   tests/message-processor-basic-tests.cpp 8546605 
> 
> Diff: http://git.reviewboard.kde.org/r/106083/diff/
> 
> 
> Testing
> -------
> 
> Wrote/passed/failed unit tests; talked to myself so much to the point I swear I have mild schizophrenia now. 
> 
> 
> Thanks,
> 
> Lasath Fernando
> 
>


More information about the KDE-Telepathy mailing list