diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-03-06 20:26:27 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-03-06 20:27:15 +0100 |
commit | 20e3b9a485fd6b23785c5caa49d01ea49fdc8bcf (patch) | |
tree | 6820a1a38a2efb1e2fdf7306c3eb2a19b3fad50c /src | |
parent | f13d756cdd9445d1478a70c5387df2a444045f6e (diff) | |
parent | 6fbc0986fa2d49a1cb65b60eca71c25c84842a54 (diff) |
Merge #12617: gui: Show messages as text not html
6fbc0986f gui: Show messages as text not html (Wladimir J. van der Laan)
Pull request description:
Currently, error messages (such as InitError) are displayed as-is, which means Qt does auto detection on the format.
This means that it's possible to inject HTML from the command line though e.g. specifying a wallet name with HTML in it. This isn't a direct security risk because fetching content from internet is
disabled (and as far as I know we never report strings received from the network this way). However, it can be confusing.
So explicitly force the format as text.
Tree-SHA512: 96c9196f20552544b862071bca61817ef03653019cc3548023d435f3a9c48b6cd501fab3246783cb0be68c8c7bb1b865913d92070a7c4e84e82c6577709f0934
Diffstat (limited to 'src')
-rw-r--r-- | src/qt/bitcoingui.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp index 4e868b7c17..427eb95a84 100644 --- a/src/qt/bitcoingui.cpp +++ b/src/qt/bitcoingui.cpp @@ -923,6 +923,7 @@ void BitcoinGUI::message(const QString &title, const QString &message, unsigned showNormalIfMinimized(); QMessageBox mBox(static_cast<QMessageBox::Icon>(nMBoxIcon), strTitle, message, buttons, this); + mBox.setTextFormat(Qt::PlainText); int r = mBox.exec(); if (ret != nullptr) *ret = r == QMessageBox::Ok; |