Fix a phishing vulnerability related to HTML in memo fields

Original report by @s-rah here: ZcashFoundation#205
2019-11-27 19:52:44 +01:00
parent f38944732e
commit 12fc6b80e2
2 changed files with 3 additions and 1 deletions
--- a/src/mainwindow.cpp
+++ b/src/mainwindow.cpp
@@ -886,6 +886,7 @@ void MainWindow::setupTransactionsTab() {
        if (!memo.isEmpty()) {
            QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
            mb.setTextFormat(Qt::PlainText);
            mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
            mb.exec();
        }
@@ -934,6 +935,7 @@ void MainWindow::setupTransactionsTab() {
        if (!memo.isEmpty()) {
            menu.addAction(tr("View Memo"), [=] () {               
                QMessageBox mb(QMessageBox::Information, tr("Memo"), memo, QMessageBox::Ok, this);
                mb.setTextFormat(Qt::PlainText);
                mb.setTextInteractionFlags(Qt::TextSelectableByMouse | Qt::TextSelectableByKeyboard);
                mb.exec();
            });
--- a/src/txtablemodel.cpp
+++ b/src/txtablemodel.cpp
@@ -137,7 +137,7 @@ QVariant TxTableModel::data(const QModelIndex &index, int role) const {
                            return Settings::paymentURIPretty(Settings::parseURI(memo));
                        } else {
                            return modeldata->at(index.row()).type + 
-                            (memo.isEmpty() ? "" : " tx memo: \"" + memo + "\"");
+                            (memo.isEmpty() ? "" : " tx memo: \"" + memo.toHtmlEscaped() + "\"");
                        }
                    } else {
                        return concatMultipleMemos(dat);