[dolphin] [Bug 480190] Dolphin QML HTML injection

Jonathan Marten bugzilla_noreply at kde.org
Wed Feb 7 08:51:24 GMT 2024


https://bugs.kde.org/show_bug.cgi?id=480190

Jonathan Marten <jjm at keelhaul.me.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjm at keelhaul.me.uk

--- Comment #3 from Jonathan Marten <jjm at keelhaul.me.uk> ---
Created attachment 165640
  --> https://bugs.kde.org/attachment.cgi?id=165640&action=edit
Example screen shot

Maybe what the reporter means is that it is possible to inject HTML into the
error message displayed when a file or folder does not exist, as shown in the
screen shot if Dolphin is started with the command line

   dolphin "<img src='file:/tmp/kde.png'/><br><H1>HTML Injection</h1>" 

However, there is no obvious exploit either remotely or by viewing an exploit
file name or file contents, so it is not likely to be a security risk.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
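
Added example, not part of the bug report and not Dolphin's code: a standalone C++ sketch of the escaping step that keeps a command-line path from being parsed as markup when it is embedded in a rich-text error message. The function names and the message wording are hypothetical; the escaped character set matches what Qt's QString::toHtmlEscaped() covers.

```cpp
#include <iostream>
#include <string>

// Escape the HTML metacharacters a rich-text renderer would interpret.
// Same four characters as Qt's QString::toHtmlEscaped(): < > & "
std::string escapeHtml(const std::string &plain)
{
    std::string out;
    out.reserve(plain.size());
    for (char c : plain) {
        switch (c) {
        case '<': out += "&lt;"; break;
        case '>': out += "&gt;"; break;
        case '&': out += "&amp;"; break;
        case '"': out += "&quot;"; break;
        default:  out += c;
        }
    }
    return out;
}

// Hypothetical message builder: path is concatenated as-is, so any tags
// in it reach the rich-text widget and are rendered.
std::string notFoundMessageUnsafe(const std::string &path)
{
    return "The file or folder " + path + " does not exist.";
}

// Hardened form: the untrusted path is escaped before concatenation.
std::string notFoundMessageSafe(const std::string &path)
{
    return "The file or folder " + escapeHtml(path) + " does not exist.";
}

// True if the text still contains a character that could open a tag.
bool containsMarkup(const std::string &text)
{
    return text.find('<') != std::string::npos;
}

int main()
{
    // The argument from the comment above.
    const std::string arg = "<img src='file:/tmp/kde.png'/><br><H1>HTML Injection</h1>";
    std::cout << notFoundMessageUnsafe(arg) << "\n" << notFoundMessageSafe(arg) << "\n";
    return containsMarkup(notFoundMessageSafe(arg)) ? 1 : 0;
}
```

In Qt code the same effect comes from calling QString::toHtmlEscaped() on the path, or from setting the label's text format to plain text so that nothing in the message is parsed as markup.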