qml: escape untrusted text in RichText views

selsta
2026-04-17 18:02:58 +02:00
parent 49c3e498c7
commit 23ec5eb6a1
3 changed files with 13 additions and 2 deletions


@@ -32,6 +32,7 @@ import QtQuick.Controls 2.2
import QtQuick.Layouts 1.1
import "../components" as MoneroComponents
import "../js/Utils.js" as Utils
import FontAwesome 1.0
Rectangle {
@@ -306,7 +307,7 @@ Rectangle {
}
var title;
if (addressBookName) {
title = FontAwesome.addressBook + " " + addressBookName;
title = FontAwesome.addressBook + " " + Utils.htmlEscape(addressBookName);
} else {
title = qsTr("Monero address") + translationManager.emptyString;
}
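Review bot: Nothing at the `title = ...` assignment says why `addressBookName` is escaped while the `qsTr(...)` branch is not, and the view that consumes `title` is outside this hunk. A comment on the new line, e.g. `// addressBookName is user-controlled; title is shown in a RichText view`, would stop a later cleanup from dropping the call. It is also worth checking that `title` is not escaped a second time further down, since double escaping would display `&amp;` literally.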


@@ -130,3 +130,13 @@ function parseDateStringOrRestoreHeightAsInteger(value) {
}
return restoreHeight;
}
function htmlEscape(s) {
if (s === null || s === undefined)
return "";
return String(s)
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;");
}
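Review bot: As rendered on this page, the first step of the chain in htmlEscape reads `.replace(/&/g, "&")`, which replaces an ampersand with itself, so input such as `&lt;b&gt;` would reach the rich-text view with its entities decoded instead of being shown verbatim. This may be the page decoding `&amp;` rather than what the file holds, so confirm the committed line is `.replace(/&/g, "&amp;")` and that it stays first in the chain. The helper also leaves `'` alone; adding `.replace(/'/g, "&#39;")` would keep it safe if its result is ever placed inside a single-quoted attribute. A one-line comment above the function saying it is for text concatenated into RichText strings, and that it returns `""` for null or undefined, would help callers choose it correctly.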


@@ -180,7 +180,7 @@ Rectangle {
consoleArea.append(msg);
}
function logMessage(msg){
msg = msg.trim();
msg = Utils.htmlEscape(msg.trim());
var color = MoneroComponents.Style.defaultFontColor;
if(msg.toLowerCase().indexOf('error') >= 0){
color = MoneroComponents.Style.errorColor;
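Review bot: The function that closes just above logMessage still ends in `consoleArea.append(msg);` with no escaping visible in this hunk; its body starts outside the hunk, so whether its `msg` is already escaped cannot be told from here. If that path can carry text that did not come from the local user, it needs the same `Utils.htmlEscape(...)` call before the append. Inside logMessage, escaping before the colour markup is applied is the right order, and a short comment such as `// escape before adding markup; the console presumably renders RichText` would keep it that way. logMessage itself continues past the end of the hunk.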