https://bugs.kde.org/show_bug.cgi?id=422616
--- Comment #8 from Konrad Materka <mate...@gmail.com> --- (In reply to David Edmundson from comment #4) > > "textFormat: Text.AutoText", > > has been repeatedly problematic with regards to security. > > It'll process <img="http://..."; and for us loading any network request > without user expectation is frowned upon. Hmm, I don't think it is such a big problem. App can send unexpected network requests anyway, one more in tooltip should not make a difference. From the other side loading anything from the Internet can be risky, both for security and privacy reasons. I wouldn't worry about performance, even if Text.AutoText is slow the impact is low. Having Text.StyledText explicitly is probably the best option. The best would be to have something like Text.RestrictedStyledText which would not allow external resources, but there is nothing like that :) We need to allow HTML in tooltip anyway - it is already used by several apps. I assume it is also supported by other DMs (is it? Gnome?). -- You are receiving this mail because: You are watching all bug changes.
