Merge #12617: gui: Show messages as text not html

6fbc0986f gui: Show messages as text not html (Wladimir J. van der Laan)

Pull request description:

  Currently, error messages (such as InitError) are displayed as-is, which means Qt does auto detection on the format.

  This means that it's possible to inject HTML from the command line though e.g. specifying a wallet name with HTML in it. This isn't a direct security risk because fetching content from internet is
  disabled (and as far as I know we never report strings received from the network this way). However, it can be confusing.

  So explicitly force the format as text.

Tree-SHA512: 96c9196f20552544b862071bca61817ef03653019cc3548023d435f3a9c48b6cd501fab3246783cb0be68c8c7bb1b865913d92070a7c4e84e82c6577709f0934
This commit is contained in:
Wladimir J. van der Laan 2018-03-06 20:26:27 +01:00
commit 20e3b9a485
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D

View File

@ -923,6 +923,7 @@ void BitcoinGUI::message(const QString &title, const QString &message, unsigned
showNormalIfMinimized();
QMessageBox mBox(static_cast<QMessageBox::Icon>(nMBoxIcon), strTitle, message, buttons, this);
mBox.setTextFormat(Qt::PlainText);
int r = mBox.exec();
if (ret != nullptr)
*ret = r == QMessageBox::Ok;