Fix a phishing vulnerability related to HTML in memo fields

Original report by @s-rah here: ZcashFoundation#205
2019-11-27 19:52:44 +01:00
parent f38944732e
commit 12fc6b80e2
2 changed files with 3 additions and 1 deletions
--- a/src/mainwindow.cpp
+++ b/src/mainwindow.cpp
@@ -886,6 +886,7 @@ void MainWindow::setupTransactionsTab() {

        if (!memo.isEmpty()) {
            QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
+            mb.setTextFormat(Qt::PlainText);
            mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
            mb.exec();
        }
@@ -934,6 +935,7 @@ void MainWindow::setupTransactionsTab() {
        if (!memo.isEmpty()) {
            menu.addAction(tr("View Memo"), [=] () {               
                QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
+                mb.setTextFormat(Qt::PlainText);
                mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
                mb.exec();
            });