qml: escape untrusted text in RichText views

2026-04-17 18:02:58 +02:00
parent 49c3e498c7
commit 23ec5eb6a1
3 changed files with 13 additions and 2 deletions
--- a/components/TxConfirmationDialog.qml
+++ b/components/TxConfirmationDialog.qml
@@ -32,6 +32,7 @@ import QtQuick.Controls 2.2
 import QtQuick.Layouts 1.1

 import "../components" as MoneroComponents
+import "../js/Utils.js" as Utils
 import FontAwesome 1.0

 Rectangle {
@@ -306,7 +307,7 @@ Rectangle {
                            }
                            var title;
                            if (addressBookName) {
-                                title = FontAwesome.addressBook + " " + addressBookName;
+                                title = FontAwesome.addressBook + " " + Utils.htmlEscape(addressBookName);
                            } else {
                                title = qsTr("Monero address") + translationManager.emptyString;
                            }