From b2211a41393358f496b6977df7336dd8f5fdfd78 Mon Sep 17 00:00:00 2001
From: Patrick Lodder <patricklodder@users.noreply.github.com>
Date: Sat, 27 Feb 2021 22:53:15 +0100
Subject: [PATCH] [qt] only allow https explorer links

As reported by Fabian Braeunlein of PS Positive Security GmbH
---
 src/qt/transactionview.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/qt/transactionview.cpp b/src/qt/transactionview.cpp
index 30f4db945..eae920ed4 100644
--- a/src/qt/transactionview.cpp
+++ b/src/qt/transactionview.cpp
@@ -220,8 +220,9 @@ void TransactionView::setModel(WalletModel *_model)
             QStringList listUrls = _model->getOptionsModel()->getThirdPartyTxUrls().split("|", QString::SkipEmptyParts);
             for (int i = 0; i < listUrls.size(); ++i)
             {
-                QString host = QUrl(listUrls[i].trimmed(), QUrl::StrictMode).host();
-                if (!host.isEmpty())
+                QUrl url = QUrl(listUrls[i].trimmed(), QUrl::StrictMode);
+                QString host = url.host();
+                if (!host.isEmpty() && url.scheme() == "https")
                 {
                     QAction *thirdPartyTxUrlAction = new QAction(host, this); // use host as menu item label
                     if (i == 0)