[Bug 309006] [NEW] Kopete doesn't escape HTML in receiving messages

Sjoerd Hemminga sjoerd at hemminga-online.nl
Wed Dec 17 15:35:10 UTC 2008

Public bug reported:

Binary package hint: kdenetwork

When receiving a message that contains HTML code, Kopete will interpret
the HTML and display a parsed version of it. E.g. "<a
href="http://www.example.com/">Hi</a>" will display as a link to
example.com. I've seen this behaviour on ICQ, where the other person was
using CenterIM, and on MSN, where the other party was using Trillian.

It is quite annoying when people send you messages like "http://link/
<-- Check this out" or an HTML paste. I'm not sure if this can be
abused. I tried some simple tests with Javascript, which didn't work,
but that was in no way exhaustive.

I'm using Ubuntu 8.10 and Kopete 4.1.3.

** Affects: kdenetwork (Ubuntu)
     Importance: Undecided
         Status: New

Kopete doesn't escape HTML in receiving messages
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to kdenetwork in ubuntu.

More information about the kubuntu-bugs mailing list