[dolphin] [Bug 480190] Dolphin QML HTML injection
Harald Sitter
bugzilla_noreply at kde.org
Wed Feb 7 13:34:51 GMT 2024
https://bugs.kde.org/show_bug.cgi?id=480190
--- Comment #5 from Harald Sitter <sitter at kde.org> ---
(In reply to Benjamin Flesch from comment #4)
> @sitter: It is a problem because if you close dolphin with alt+f4 the QML
> injection stays and visually pollutes your dolphin experience.
Well, you shot yourself in the foot, that is going to hurt any amount of time.
> Not to speak from the nice crashes you can get with `dolphin --new-window
> $(perl -E "print('A' x 100000)")`
If the user wants to shoot themselves in the foot that's their right.
> IMO handling of untrusted user input should be improved before you end up
> with a proper security situation.
It is trusted by virtue of coming from the user session.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the kfm-devel
mailing list