
Properly html-escape labels

miguelfreitas
Wladimir J. van der Laan 14 years ago
parent
commit
dedf83a19b
  1. 4
      src/qt/sendcoinsdialog.cpp
  2. 10
      src/qt/transactiondesc.cpp

4
src/qt/sendcoinsdialog.cpp

@ -9,7 +9,7 @@
#include <QMessageBox> #include <QMessageBox>
#include <QLocale> #include <QLocale>
#include <QDebug> #include <QTextDocument>
SendCoinsDialog::SendCoinsDialog(QWidget *parent) : SendCoinsDialog::SendCoinsDialog(QWidget *parent) :
QDialog(parent), QDialog(parent),
@ -71,7 +71,7 @@ void SendCoinsDialog::on_sendButton_clicked()
QStringList formatted; QStringList formatted;
foreach(const SendCoinsRecipient &rcp, recipients) foreach(const SendCoinsRecipient &rcp, recipients)
{ {
formatted.append(tr("<b>%1</b> to %2 (%3)").arg(BitcoinUnits::formatWithUnit(BitcoinUnits::BTC, rcp.amount), rcp.label, rcp.address)); formatted.append(tr("<b>%1</b> to %2 (%3)").arg(BitcoinUnits::formatWithUnit(BitcoinUnits::BTC, rcp.amount), Qt::escape(rcp.label), rcp.address));
} }
QMessageBox::StandardButton retval = QMessageBox::question(this, tr("Confirm send coins"), QMessageBox::StandardButton retval = QMessageBox::question(this, tr("Confirm send coins"),
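Review bot: `rcp.address` is still substituted unescaped into the rich-text confirmation string in the `formatted.append(...)` line, while the label beside it now goes through `Qt::escape`. Whether the address has already been validated by this point is not visible in the hunk, so escaping it too keeps the message safe regardless of what the earlier checks accept: `Qt::escape(rcp.address)`. A one-line comment above the loop, e.g. `// Shown as rich text: escape every user-supplied field`, would record why the escaping is there. The body of on_sendButton_clicked continues outside the hunk.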

10
src/qt/transactiondesc.cpp

@ -134,7 +134,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx)
strHTML += _("<b>To:</b> "); strHTML += _("<b>To:</b> ");
strHTML += HtmlEscape(address.ToString()); strHTML += HtmlEscape(address.ToString());
if (!wallet->mapAddressBook[address].empty()) if (!wallet->mapAddressBook[address].empty())
strHTML += _(" (yours, label: ") + wallet->mapAddressBook[address] + ")"; strHTML += _(" (yours, label: ") + HtmlEscape(wallet->mapAddressBook[address]) + ")";
else else
strHTML += _(" (yours)"); strHTML += _(" (yours)");
strHTML += "<br>"; strHTML += "<br>";
@ -157,7 +157,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx)
strAddress = wtx.mapValue["to"]; strAddress = wtx.mapValue["to"];
strHTML += _("<b>To:</b> "); strHTML += _("<b>To:</b> ");
if (wallet->mapAddressBook.count(strAddress) && !wallet->mapAddressBook[strAddress].empty()) if (wallet->mapAddressBook.count(strAddress) && !wallet->mapAddressBook[strAddress].empty())
strHTML += wallet->mapAddressBook[strAddress] + " "; strHTML += HtmlEscape(wallet->mapAddressBook[strAddress]) + " ";
strHTML += HtmlEscape(strAddress) + "<br>"; strHTML += HtmlEscape(strAddress) + "<br>";
} }
@ -215,8 +215,8 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx)
{ {
strHTML += _("<b>To:</b> "); strHTML += _("<b>To:</b> ");
if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty()) if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty())
strHTML += wallet->mapAddressBook[address] + " "; strHTML += HtmlEscape(wallet->mapAddressBook[address]) + " ";
strHTML += address.ToString(); strHTML += HtmlEscape(address.ToString());
strHTML += "<br>"; strHTML += "<br>";
} }
} }
@ -303,7 +303,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx)
if (ExtractAddress(vout.scriptPubKey, 0, address)) if (ExtractAddress(vout.scriptPubKey, 0, address))
{ {
if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty()) if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty())
strHTML += wallet->mapAddressBook[address] + " "; strHTML += HtmlEscape(wallet->mapAddressBook[address]) + " ";
strHTML += address.ToString(); strHTML += address.ToString();
} }
strHTML = strHTML + " Amount=" + FormatMoney(vout.nValue); strHTML = strHTML + " Amount=" + FormatMoney(vout.nValue);
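Review bot: In the last hunk (old line 303) the new side still appends `strHTML += address.ToString();` without escaping, although the hunk at old line 215 changes the identical statement to `strHTML += HtmlEscape(address.ToString());`. The encoded address is presumably restricted to a harmless alphabet, but that guarantee is not visible here, and escaping every value appended to `strHTML` makes the function easier to audit. I would change the line to `strHTML += HtmlEscape(address.ToString());` so the two hunks agree. toHTML starts and ends outside all of these hunks, so other unescaped appends may remain in the parts not shown.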
