[dolphin] [Bug 488910] New: html rendering on information panel.

Sheikh Ali Akbar bugzilla_noreply at kde.org
Fri Jun 21 18:34:42 BST 2024


https://bugs.kde.org/show_bug.cgi?id=488910

            Bug ID: 488910
           Summary: html rendering on information panel.
    Classification: Applications
           Product: dolphin
           Version: unspecified
          Platform: Debian stable
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: panels: information
          Assignee: dolphin-bugs-null at kde.org
          Reporter: akberbadsha05 at gmail.com
                CC: kfm-devel at kde.org
  Target Milestone: ---

Created attachment 170765
  --> https://bugs.kde.org/attachment.cgi?id=170765&action=edit
poc


SUMMARY
The information panel treats text/information like HTML, which leads to HTML
injection through the file name.

STEPS TO REPRODUCE
1. Take one exFAT-formatted USB drive.
2. Create a file on your Linux machine with the name `<h1>test` and copy this file.
3. Now go to the exFAT-formatted drive and paste the file.
4. It will give a warning that special characters in the file name will be replaced
with underscores, but it will also treat the file name as HTML and render it
with the given HTML tag.

OBSERVED RESULT
HTML-rendered file name, which means HTML injection.

EXPECTED RESULT
Escaped file name, like the other panels.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian GNU/Linux 12
KDE Plasma Version: 5.27.5
KDE Frameworks Version: 5.103.0
Qt Version: 5.15.8

ADDITIONAL INFORMATION

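The escaping the report asks for, shown as an added example in plain C++. This is not Dolphin's code and does not use Qt: `looksLikeMarkup` is a simplified stand-in for the auto-detection a rich-text-capable label performs, `renderToPlainText` is a toy renderer that swallows tags the way the panel swallowed `<h1>`, and the label helper names and the `Name:` caption are assumptions made for the illustration.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>
#include <utility>

// Escape the characters that carry meaning in HTML / rich text so that a
// file name such as "<h1>test" is displayed literally instead of parsed.
std::string htmlEscape(const std::string &s) {
    std::string out;
    out.reserve(s.size());
    for (unsigned char c : s) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += static_cast<char>(c);
        }
    }
    return out;
}

// Simplified model (an assumption, not Qt's exact heuristic) of how a label in
// "auto" text mode decides that a string is markup: a '<' followed by a letter
// or '/' with a '>' somewhere after it. A file name that passes this check is
// rendered as HTML rather than shown verbatim.
bool looksLikeMarkup(const std::string &s) {
    for (size_t i = 0; i + 1 < s.size(); ++i) {
        unsigned char next = static_cast<unsigned char>(s[i + 1]);
        if (s[i] == '<' && (std::isalpha(next) || next == '/')) {
            if (s.find('>', i) != std::string::npos) return true;
        }
    }
    return false;
}

// Toy renderer: drops every <...> tag and decodes the five entities produced
// above, yielding the text a user would actually see.
std::string renderToPlainText(const std::string &markup) {
    static const std::pair<const char *, char> entities[] = {
        {"&amp;", '&'}, {"&lt;", '<'}, {"&gt;", '>'}, {"&quot;", '"'}, {"&#39;", '\''}};
    std::string out;
    bool inTag = false;
    for (size_t i = 0; i < markup.size(); ++i) {
        char c = markup[i];
        if (inTag) { if (c == '>') inTag = false; continue; }
        if (c == '<') { inTag = true; continue; }
        if (c == '&') {
            bool matched = false;
            for (const auto &e : entities) {
                size_t n = std::strlen(e.first);
                if (markup.compare(i, n, e.first) == 0) {
                    out += e.second;
                    i += n - 1;
                    matched = true;
                    break;
                }
            }
            if (!matched) out += c;
            continue;
        }
        out += c;
    }
    return out;
}

// Hypothetical "before": the file name is concatenated raw into the label's
// rich-text markup, so any tag in the name is interpreted (the reported bug).
std::string vulnerableLabelMarkup(const std::string &fileName) {
    return "<b>Name:</b> " + fileName;
}

// Hypothetical "after": the untrusted file name is escaped before it is mixed
// with the panel's own markup, so it is displayed exactly as stored on disk.
std::string hardenedLabelMarkup(const std::string &fileName) {
    return "<b>Name:</b> " + htmlEscape(fileName);
}

int main() {
    const std::string name = "<h1>test";  // the file name from the report
    std::cout << "vulnerable: " << renderToPlainText(vulnerableLabelMarkup(name)) << "\n";
    std::cout << "hardened:   " << renderToPlainText(hardenedLabelMarkup(name)) << "\n";
    std::cout << "escaped name still looks like markup? "
              << (looksLikeMarkup(htmlEscape(name)) ? "yes" : "no") << "\n";
    return 0;
}
```

In the Qt code base the same two fixes are `QString::toHtmlEscaped()` on the file name before it is concatenated into rich text, or `QLabel::setTextFormat(Qt::PlainText)` on any widget that only ever shows untrusted strings; either one removes the auto-detection path that turns a file name into markup.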