Rich text markup in password is interpreted in preview pane #11538

Closed
swardman opened this issue Dec 6, 2024 · 6 comments · Fixed by #11539

swardman commented Dec 6, 2024

Overview

When a password containing rich text markup is revealed in the preview pane the markup is interpreted and the text is formatted.

Steps to Reproduce

  1. In the main database view, add a new entry.
  2. Enter the password: My<s>ecret, and click OK.
  3. Select the new entry in the entries pane.
  4. In the General tab in preview pane click the 👁 (eye) button to show the password.

Expected Behavior

Password is displayed in the preview pane as: My<s>ecret
(<s> is displayed literally)

Actual Behavior

Password is displayed in the preview pane as: Myecret
(<s> is interpreted and the following characters, "ecret", are struck through.)

Context

This only appears to affect the preview pane -- the password column in the entries pane if "hide passwords" is disabled and the password field in the add/edit entry window are not affected.

KeePassXC - Version 2.7.9
Revision: 8f6dd13

Qt 5.15.11
Debugging mode is disabled.

Operating system: Windows 11 Version 2009
CPU architecture: x86_64
Kernel: winnt 10.0.22631


KeePassXC - Version 2.7.6
Revision: dd21def

Qt 5.15.13
Debugging mode is disabled.

Operating system: Ubuntu 24.04.1 LTS
CPU architecture: x86_64
Kernel: linux 6.8.0-49-generic
Desktop Env: Gnome
Windowing System: Wayland

@swardman swardman added the bug label Dec 6, 2024

swardman commented Dec 6, 2024

Markup in the title field is also interpreted, but not in Username, Tags, or Notes (although markup may be useful in Notes).


droidmonkey commented Dec 7, 2024

Notes also do not render HTML since they are explicitly set to plain text to avoid interpretation. A separate request to support Markdown will be supported in 2.8.0 (#1057).

I fixed the others, before/after screenshots:

Image

Image

Advanced attributes are also ok, no changes needed:

Image

@droidmonkey droidmonkey self-assigned this Dec 7, 2024
@droidmonkey droidmonkey added this to the v2.7.10 milestone Dec 7, 2024
@github-project-automation github-project-automation bot moved this to To triage in WIP Tracker Dec 7, 2024
droidmonkey added a commit that referenced this issue Dec 7, 2024
* Fixes #11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.
@droidmonkey droidmonkey moved this from To triage to In review in WIP Tracker Dec 7, 2024
swardman commented

With the commit, HTML character references for symbols such as & are shown in the preview, sometimes. I think it's because the text format Qt::AutoText is deciding the text is plain text and double-encoding it. Explicitly setting the textFormat property on the labels to Qt::RichText does seem to fix it.

Before commit:
Image

After commit:
Image

swardman commented

Alternatively, go the other way: don't HTML escape, and explicitly set the text format to Qt::PlainText. However, the password entry needs rich text for the password colouring, and the notes entry will presumably use Qt::MarkdownText for the planned Markdown support.

droidmonkey commented

Oh that is unfortunate... maybe we need to implement a minimal escaping that just does the angle brackets

swardman commented

I had a play to try to work out what was going on, and I suspect it's just the way the text formatting for QLabel works; there should be no need to implement any different escaping. (Take with a pinch of salt, my Qt development experience is pretty much a dabble with PyQt years ago and following the getting started with Qt Widgets tutorial today.) I text edited the EntryPreviewWidget.ui file to set the textFormat properties to see if it worked; that's the extent of my testing so far.
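The behaviour discussed in this thread, as an added example that is not KeePassXC or Qt code: a simplified, assumed model of how an AutoText label guesses between plain and rich text. It shows why escaping alone fixes `My<s>ecret` but leaves `&amp;` visible for a value such as `Tom&Jerry` (a constructed sample), while escaping plus an explicit rich-text format handles both. `htmlEscape`, `looksRich`, `visible` and the tag list are hypothetical names chosen for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <set>
#include <string>

enum class Format { Plain, Rich, Auto };
const std::string CHARS = "<>&\"";  // the metacharacters QString::toHtmlEscaped() replaces
const std::string REFS[] = {"&lt;", "&gt;", "&amp;", "&quot;"};

std::string htmlEscape(const std::string& in) {
    std::string out;
    for (char c : in) {
        std::size_t k = CHARS.find(c);
        if (k == std::string::npos) out += c; else out += REFS[k];
    }
    return out;
}

// Assumed, simplified AutoText guess; the tag list is a short constructed sample.
bool looksRich(const std::string& t) {
    static const std::set<std::string> tags = {"a", "b", "i", "s", "u", "p", "br", "font"};
    std::size_t open = t.find('<'), lt = t.find("&lt;");
    if (lt < open) return true;  // "&lt;" before any '<' (npos is the largest value)
    std::size_t close = (open == std::string::npos) ? open : t.find('>', open);
    if (close == std::string::npos) return false;
    std::size_t end = open + 1;
    while (end < close && std::isalnum((unsigned char)t[end])) ++end;
    return tags.count(t.substr(open + 1, end - open - 1)) > 0;
}

// Visible characters: plain shows text verbatim; rich drops <...> (formatting) and decodes refs.
std::string visible(const std::string& t, Format f) {
    if (f == Format::Plain || (f == Format::Auto && !looksRich(t))) return t;
    std::string out;
    for (std::size_t i = 0; i < t.size();) {
        std::size_t close = (t[i] == '<') ? t.find('>', i) : std::string::npos;
        if (close != std::string::npos) { i = close + 1; continue; }
        std::size_t k = 0;
        while (k < 4 && t.compare(i, REFS[k].size(), REFS[k]) != 0) ++k;
        if (k < 4) { out += CHARS[k]; i += REFS[k].size(); } else out += t[i++];
    }
    return out;
}

int main() {  // columns: raw+Auto | escaped+Auto | escaped+Rich
    for (std::string v : {"My<s>ecret", "Tom&Jerry"})
        std::cout << visible(v, Format::Auto) << " | " << visible(htmlEscape(v), Format::Auto)
                  << " | " << visible(htmlEscape(v), Format::Rich) << "\n";
}
```

In this model, the escaped `Tom&Jerry` contains neither a tag nor `&lt;`, so the Auto guess falls back to plain text and the `&amp;` reference is shown verbatim; pinning the format removes the guess.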

@github-project-automation github-project-automation bot moved this from In review to Done in WIP Tracker Dec 24, 2024
droidmonkey added a commit that referenced this issue Jan 3, 2025
* Fixes #11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.
pull bot pushed a commit to Graysonbarton/keepassxc that referenced this issue Jan 26, 2025
* Fixes keepassxreboot#11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.