From b2211a41393358f496b6977df7336dd8f5fdfd78 Mon Sep 17 00:00:00 2001 From: Patrick Lodder Date: Sat, 27 Feb 2021 22:53:15 +0100 Subject: [PATCH] [qt] only allow https explorer links As reported by Fabian Braeunlein of PS Positive Security GmbH --- src/qt/transactionview.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/qt/transactionview.cpp b/src/qt/transactionview.cpp index 30f4db945..eae920ed4 100644 --- a/src/qt/transactionview.cpp +++ b/src/qt/transactionview.cpp @@ -220,8 +220,9 @@ void TransactionView::setModel(WalletModel *_model) QStringList listUrls = _model->getOptionsModel()->getThirdPartyTxUrls().split("|", QString::SkipEmptyParts); for (int i = 0; i < listUrls.size(); ++i) { - QString host = QUrl(listUrls[i].trimmed(), QUrl::StrictMode).host(); - if (!host.isEmpty()) + QUrl url = QUrl(listUrls[i].trimmed(), QUrl::StrictMode); + QString host = url.host(); + if (!host.isEmpty() && url.scheme() == "https") { QAction *thirdPartyTxUrlAction = new QAction(host, this); // use host as menu item label if (i == 0)