DragonX/SilentDragonXLite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix a phishing vulnerability related to HTML in memo fields

Browse Source 
Original report by @s-rah here: ZcashFoundation#205
This commit is contained in:
Denio
2019-11-27 19:52:44 +01:00
parent f38944732e
commit 12fc6b80e2
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/mainwindow.cpp
View File

@@ -886,6 +886,7 @@ void MainWindow::setupTransactionsTab() {
if (!memo.isEmpty()) {
QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
mb.setTextFormat(Qt::PlainText);
mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
mb.exec();
}
@@ -934,6 +935,7 @@ void MainWindow::setupTransactionsTab() {
if (!memo.isEmpty()) {
menu.addAction(tr("View Memo"), [=] () {
QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
mb.setTextFormat(Qt::PlainText);
mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
mb.exec();
});

2
src/txtablemodel.cpp
View File

@@ -137,7 +137,7 @@ QVariant TxTableModel::data(const QModelIndex &index, int role) const {
return Settings::paymentURIPretty(Settings::parseURI(memo));
} else {
return modeldata->at(index.row()).type +
(memo.isEmpty() ? "" : " tx memo: \"" + memo + "\"");
(memo.isEmpty() ? "" : " tx memo: \"" + memo.toHtmlEscaped() + "\"");
}
} else {
return concatMultipleMemos(dat);