diff --git a/src/qt/sendcoinsdialog.cpp b/src/qt/sendcoinsdialog.cpp index d5f15e36631..54cae21a1b2 100644 --- a/src/qt/sendcoinsdialog.cpp +++ b/src/qt/sendcoinsdialog.cpp @@ -9,7 +9,7 @@ #include #include -#include +#include SendCoinsDialog::SendCoinsDialog(QWidget *parent) : QDialog(parent), @@ -71,7 +71,7 @@ void SendCoinsDialog::on_sendButton_clicked() QStringList formatted; foreach(const SendCoinsRecipient &rcp, recipients) { - formatted.append(tr("%1 to %2 (%3)").arg(BitcoinUnits::formatWithUnit(BitcoinUnits::BTC, rcp.amount), rcp.label, rcp.address)); + formatted.append(tr("%1 to %2 (%3)").arg(BitcoinUnits::formatWithUnit(BitcoinUnits::BTC, rcp.amount), Qt::escape(rcp.label), rcp.address)); } QMessageBox::StandardButton retval = QMessageBox::question(this, tr("Confirm send coins"), diff --git a/src/qt/transactiondesc.cpp b/src/qt/transactiondesc.cpp index 9aeee5deba6..88dc2d8d678 100644 --- a/src/qt/transactiondesc.cpp +++ b/src/qt/transactiondesc.cpp @@ -134,7 +134,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx) strHTML += _("To: "); strHTML += HtmlEscape(address.ToString()); if (!wallet->mapAddressBook[address].empty()) - strHTML += _(" (yours, label: ") + wallet->mapAddressBook[address] + ")"; + strHTML += _(" (yours, label: ") + HtmlEscape(wallet->mapAddressBook[address]) + ")"; else strHTML += _(" (yours)"); strHTML += "
"; @@ -157,7 +157,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx) strAddress = wtx.mapValue["to"]; strHTML += _("To: "); if (wallet->mapAddressBook.count(strAddress) && !wallet->mapAddressBook[strAddress].empty()) - strHTML += wallet->mapAddressBook[strAddress] + " "; + strHTML += HtmlEscape(wallet->mapAddressBook[strAddress]) + " "; strHTML += HtmlEscape(strAddress) + "
"; } @@ -215,8 +215,8 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx) { strHTML += _("To: "); if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty()) - strHTML += wallet->mapAddressBook[address] + " "; - strHTML += address.ToString(); + strHTML += HtmlEscape(wallet->mapAddressBook[address]) + " "; + strHTML += HtmlEscape(address.ToString()); strHTML += "
"; } } @@ -303,7 +303,7 @@ string TransactionDesc::toHTML(CWallet *wallet, CWalletTx &wtx) if (ExtractAddress(vout.scriptPubKey, 0, address)) { if (wallet->mapAddressBook.count(address) && !wallet->mapAddressBook[address].empty()) - strHTML += wallet->mapAddressBook[address] + " "; + strHTML += HtmlEscape(wallet->mapAddressBook[address]) + " "; strHTML += address.ToString(); } strHTML = strHTML + " Amount=" + FormatMoney(vout.nValue);