Review Request 122411: Prevent notifications from accessing the network

Kai Uwe Broulik kde at privat.broulik.de
Wed Feb 4 08:46:10 UTC 2015 


> On Feb. 4, 2015, 7:16 vorm., Martin Gräßlin wrote:
> > Just wondering: I assume the problem is also because the data is interpreted. Is that intended, that applications can send markup which gets interpreted?

Yes, the specification explicitly allows (and we enforce) a subset of HTML in the notifications, and David won't be happy if we remove the ability for <img> tags in there (ktp emoticons), hence this approach.


- Kai Uwe


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/122411/#review75351
-----------------------------------------------------------


On Feb. 3, 2015, 6:44 nachm., Kai Uwe Broulik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/122411/
> -----------------------------------------------------------
> 
> (Updated Feb. 3, 2015, 6:44 nachm.)
> 
> 
> Review request for Plasma.
> 
> 
> Repository: plasma-workspace
> 
> 
> Description
> -------
> 
> This follows a similar approach as the screenlocker and installs a QQmlNetworkAccessManagerFactory that returns a NetworkAccessManager with accessbility set to no access. This is the most apparent situtation because it accepts arbitrary input but we need a more widespread and unified solution since any applet can basically do anything on file system and network.
> 
> 
> Diffs
> -----
> 
>   applets/notifications/plugin/notificationshelperplugin.h 3c6d45f 
>   applets/notifications/plugin/notificationshelperplugin.cpp 1ae8b7f 
> 
> Diff: https://git.reviewboard.kde.org/r/122411/diff/
> 
> 
> Testing
> -------
> 
> kdialog --passivepopup "<img src='https://www.kde.org/media/images/kde.png'> Hello"
> no longer shows a KDE logo
> 
> 
> Thanks,
> 
> Kai Uwe Broulik
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20150204/65a1a1e6/attachment-0001.html>

More information about the Plasma-devel mailing list