| author | Wladimir J. van der Laan <[email protected]> | 2018-03-06 16:39:45 +0100 |
|---|---|---|
| committer | Wladimir J. van der Laan <[email protected]> | 2018-03-06 16:47:31 +0100 |
| commit | 6fbc0986fa2d49a1cb65b60eca71c25c84842a54 (patch) | |
| tree | 3ee61edb39dc3c10df345b6b062262d2ffa82e8d /src | |
| parent | Merge #12604: Add DynamicMemoryUsage() to CDBWrapper to estimate LevelDB memo... (diff) | |
gui: Show messages as text not html
Currently, error messages (such as InitError) are displayed as-is, which
means Qt does auto detection on the format.
This means that it's possible to inject HTML from the command line
through e.g. specifying a wallet name with HTML in it. This isn't
a direct security risk because fetching content from the internet is
disabled (and as far as I know we never report strings received
from the network this way). However, it can be confusing.
So explicitly force the format as text.
Diffstat (limited to 'src')
| -rw-r--r-- | src/qt/bitcoingui.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp index 4e868b7c1..427eb95a8 100644 --- a/src/qt/bitcoingui.cpp +++ b/src/qt/bitcoingui.cpp @@ -923,6 +923,7 @@ void BitcoinGUI::message(const QString &title, const QString &message, unsigned showNormalIfMinimized(); QMessageBox mBox(static_cast<QMessageBox::Icon>(nMBoxIcon), strTitle, message, buttons, this); + mBox.setTextFormat(Qt::PlainText); int r = mBox.exec(); if (ret != nullptr) *ret = r == QMessageBox::Ok; |
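Review bot: the added `mBox.setTextFormat(Qt::PlainText);` line in `BitcoinGUI::message()` carries no comment explaining why the format is forced, so a later cleanup could remove it as apparently redundant. Suggest a one-line comment above it stating that `message` can contain user-controlled strings (the commit message gives a wallet name passed on the command line as the example) and that Qt otherwise auto-detects the format. It is also worth confirming that no caller of `message()` passes intentionally formatted rich text, since any markup in `message` will now be shown literally.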