towards Subsurface 4.9.8

Berthold Stoeger bstoeger at mail.tuwien.ac.at
Sat Nov 7 05:00:26 PST 2020


Hi Kim,

On Samstag, 7. November 2020 08:11:16 CET Kim Delmar via subsurface wrote:

> Problems common to all platforms:
> - in the dive computer "device names" tab, all three columns
> (Mode/DevID/Nickname) are too narrow by default, all columns need to be
> widened to read the headers and table data.

The problem is that the default width is chosen using the table-header which 
is too small. We might think about special-casing this particular table.

This PR: https://github.com/subsurface/subsurface/pull/3069
should improve the situation in that the last column is now stretched and the 
width of the columns is saved on application exit. Now, at least you only have 
to set sensible values once.

> - Filter set names can be saved with embedded HTML tags, and when reloaded
> the HTML tags are rendered directly as HTML in the "Current set" field. I
> dont know if it could be exploited to do XSS by loading a malicious dive
> log.  I couldnt find any other user-inputted text that behaves like this,
> only the displayed filter set save names.

Good catch - fixed in above PR.

> - Filter set save names are mangled if you use the ampersand character. "&
> " (with trailing space) gets rendered as "_".  Seems reasonable to have a
> filter set named "Alice & Bob" for your dives with both Alice and Bob.
> Workaround is to name the filter set "Alice && Bob".

I cannot reproduce this. "Alice & Bob" works just fine for me?

Thanks for testing!

Berthold





More information about the subsurface mailing list