diff options
| author | Wladimir J. van der Laan <[email protected]> | 2018-03-06 20:26:27 +0100 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2018-03-06 20:27:15 +0100 |
| commit | 20e3b9a485fd6b23785c5caa49d01ea49fdc8bcf (patch) | |
| tree | 6820a1a38a2efb1e2fdf7306c3eb2a19b3fad50c /src/httpserver.cpp | |
| parent | Merge #12373: Build: Add build support for profiling. (diff) | |
| parent | gui: Show messages as text not html (diff) | |
| download | discoin-20e3b9a485fd6b23785c5caa49d01ea49fdc8bcf.tar.xz discoin-20e3b9a485fd6b23785c5caa49d01ea49fdc8bcf.zip | |
Merge #12617: gui: Show messages as text not html
6fbc0986f gui: Show messages as text not html (Wladimir J. van der Laan)
Pull request description:
Currently, error messages (such as InitError) are displayed as-is, which means Qt does auto detection on the format.
This means that it's possible to inject HTML from the command line though e.g. specifying a wallet name with HTML in it. This isn't a direct security risk because fetching content from internet is
disabled (and as far as I know we never report strings received from the network this way). However, it can be confusing.
So explicitly force the format as text.
Tree-SHA512: 96c9196f20552544b862071bca61817ef03653019cc3548023d435f3a9c48b6cd501fab3246783cb0be68c8c7bb1b865913d92070a7c4e84e82c6577709f0934
Diffstat (limited to 'src/httpserver.cpp')
0 files changed, 0 insertions, 0 deletions