Bill/monero-gui
1
0
Fork 0
forked from Public/monero-gui
Code Pull Requests Actions Packages Activity

Merge pull request #4577

Browse Source 
23ec5eb qml: escape untrusted text in RichText views (selsta)
This commit is contained in:
tobtoht
2026-04-18 08:09:49 +00:00
parent 081848bab0 23ec5eb6a1
commit bb4bc4a77e
3 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
components/TxConfirmationDialog.qml
View File

@@ -32,6 +32,7 @@ import QtQuick.Controls 2.2
import QtQuick.Layouts 1.1 import QtQuick.Layouts 1.1
import "../components" as MoneroComponents import "../components" as MoneroComponents
import "../js/Utils.js" as Utils
import FontAwesome 1.0 import FontAwesome 1.0
Rectangle { Rectangle {
@@ -306,7 +307,7 @@ Rectangle {
} }
var title; var title;
if (addressBookName) { if (addressBookName) {
title = FontAwesome.addressBook + " " + addressBookName; title = FontAwesome.addressBook + " " + Utils.htmlEscape(addressBookName);
} else { } else {
title = qsTr("Monero address") + translationManager.emptyString; title = qsTr("Monero address") + translationManager.emptyString;
} }

10
js/Utils.js
View File

@@ -130,3 +130,13 @@ function parseDateStringOrRestoreHeightAsInteger(value) {
} }
return restoreHeight; return restoreHeight;
} }
function htmlEscape(s) {
if (s === null || s === undefined)
return "";
return String(s)
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;");
}

2
pages/settings/SettingsLog.qml
View File

@@ -180,7 +180,7 @@ Rectangle {
consoleArea.append(msg); consoleArea.append(msg);
} }
function logMessage(msg){ function logMessage(msg){
msg = msg.trim(); msg = Utils.htmlEscape(msg.trim());
var color = MoneroComponents.Style.defaultFontColor; var color = MoneroComponents.Style.defaultFontColor;
if(msg.toLowerCase().indexOf('error') >= 0){ if(msg.toLowerCase().indexOf('error') >= 0){
color = MoneroComponents.Style.errorColor; color = MoneroComponents.Style.errorColor;