gui: Show messages as text not html

Currently, error messages (such as InitError) are displayed as-is, which means Qt does auto detection on the format. This means that it's possible to inject HTML from the command line though e.g. specifying a wallet name with HTML in it. This isn't a direct security risk because fetching content from internet is disabled (and as far as I know we never report strings received from the network this way). However, it can be confusing. So explicitly force the format as text. Github-Pull: #12617 Rebased-From: 6fbc0986fa2d49a1cb65b60eca71c25c84842a54
2025-01-11 15:48:05 +00:00 · 2018-03-06 16:39:45 +01:00 · 2018-03-06 16:39:45 +01:00 · 21dd5127a4
commit 21dd5127a4
parent f78e7f6589
1 changed files with 1 additions and 0 deletions
--- a/src/qt/bitcoingui.cpp
+++ b/src/qt/bitcoingui.cpp
@ -923,6 +923,7 @@ void BitcoinGUI::message(const QString &title, const QString &message, unsigned

        showNormalIfMinimized();
        QMessageBox mBox((QMessageBox::Icon)nMBoxIcon, strTitle, message, buttons, this);
+        mBox.setTextFormat(Qt::PlainText);
        int r = mBox.exec();
        if (ret != nullptr)
            *ret = r == QMessageBox::Ok;