Differential D12086

[OSD] Enforce plain text
ClosedPublic
Actions

Authored by broulik on Apr 10 2018, 1:40 PM.

Details

Reviewers
davidedmundson
Group Reviewers
Plasma
Commits
R120:d5a98be7b642: [OSD] Enforce plain text
Test Plan

5.8 branch as it's potentially security-relevant (img tag) like the notification fix

Diff Detail

Repository
R120 Plasma Workspace
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
broulik created this revision.Apr 10 2018, 1:40 PM
Restricted Application added a project: Plasma. · View Herald TranscriptApr 10 2018, 1:40 PM
Restricted Application added a subscriber: plasma-devel. · View Herald Transcript
broulik requested review of this revision.Apr 10 2018, 1:40 PM
davidedmundson added a subscriber: davidedmundson.Apr 10 2018, 2:53 PM

Change is fine, but where do we put third party data in an OSDItem?

broulik added a comment.Apr 11 2018, 5:58 AM

where do we put third party data in an OSDItem

  • mediaPlayerVolumeChanged takes playerName which is shown when muted
  • kbdLayoutChanged takes layoutName
  • virtualDesktopChanged takes currentVirtualDesktopName

and most importantly

  • showText takes text
davidedmundson accepted this revision.Apr 11 2018, 8:04 AM

All those require locally running code or obviously weird user input to set. So in terms of security its not like the notification issue.

Worth changing, but not cve and urgent release worthy.

This revision is now accepted and ready to land.Apr 11 2018, 8:04 AM
broulik added a comment.Apr 11 2018, 10:15 AM

Worth changing, but not cve and urgent release worthy.

Agreed.

Closed by commit R120:d5a98be7b642: [OSD] Enforce plain text (authored by broulik). · Explain WhyApr 11 2018, 10:15 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 31862

View Options

lookandfeel/contents/osd/OsdItem.qml

Loading...