Project

General

Profile

Bug #10136

WebRenderer::serveError leaks error details to end user

Added by Roel Standaert about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
Start date:
04/08/2022
Due date:
% Done:

0%

Estimated time:

Description

serveError is used in several places where an unexpected exception is caught. The what() of this exception is then sent to the user.

We should not do this, at least not by default. Maybe we could allow the developer to turn it on for development, but normally the user should not get more information than "something went wrong", otherwise a malicious actor may be able to gain valuable information.

No data to display

Also available in: Atom PDF