Fix a phishing vulnerability related to HTML in memo fields

Original report by @s-rah here: ZcashFoundation#205
Denio
2019-11-27 19:52:44 +01:00
parent f38944732e
commit 12fc6b80e2
2 changed files with 3 additions and 1 deletions


@@ -137,7 +137,7 @@ QVariant TxTableModel::data(const QModelIndex &index, int role) const {
return Settings::paymentURIPretty(Settings::parseURI(memo));
} else {
return modeldata->at(index.row()).type +
(memo.isEmpty() ? "" : " tx memo: \"" + memo + "\"");
(memo.isEmpty() ? "" : " tx memo: \"" + memo.toHtmlEscaped() + "\"");
}
} else {
return concatMultipleMemos(dat);
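Review bot: The two sibling returns visible in this hunk, `Settings::paymentURIPretty(Settings::parseURI(memo))` above and `concatMultipleMemos(dat)` below, still pass memo-derived text to the view with no escaping visible here; only the `" tx memo: \""` branch gains `toHtmlEscaped()`. The memo is chosen by whoever sent the transaction, and Qt auto-detects rich text in tooltips and some other display roles, so if those helpers do not escape internally the same markup could still be rendered through them. Consider escaping at the return, e.g. `return Settings::paymentURIPretty(Settings::parseURI(memo)).toHtmlEscaped();` (assuming it returns a QString), and escaping each memo inside `concatMultipleMemos`; a short comment such as `// memo is sender-controlled: escape before it reaches a rich-text-capable role` would keep a later edit from dropping it. `TxTableModel::data` starts and ends outside the hunk, so the role checks and the helpers' bodies are not visible and may already cover this.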