Skip to content

Proper checking of scheme in URL replacement escape sequence handler, disable by default, and add warning with implications of doing it.

Since this is a security issue it shouldn't be on by default (though I don't think the curl thing in the example file works with KRun currently, stuff like it pops up from time to time).

Should probably also add some heuristics for common tricks, though that turns into a cat and mouse game as well.

Edited by Martin Tobias Holmedahl Sandsmark

Merge request reports

Loading