Proper checking of scheme in URL replacement escape sequence handler, disable by default, and add warning with implications of doing it. (!201) · Merge requests · Utilities / Konsole

Martin Tobias Holmedahl Sandsmark requested to merge sandsmark/konsole:martin/url-escape-off-by-default into master Aug 23, 2020

Since this is a security issue it shouldn't be on by default (though I don't think the curl thing in the example file works with KRun currently, stuff like it pops up from time to time).

Should probably also add some heuristics for common tricks, though that turns into a cat and mouse game as well.

Edited Oct 22, 2020 by Martin Tobias Holmedahl Sandsmark

Proper checking of scheme in URL replacement escape sequence handler, disable by default, and add warning with implications of doing it.

Merge request reports