Explitly set TextFormat to Plaintext for SecureQLabel

Presence of a `&lt` would result in the AutoText [1] to result in improper rendering of the Label, resulting in a segmentation fault (see #628). Setting the format to plaintext not only resolves this issue but also provides defense-in-depth to ensure RichText is not displayed. [1]: https://doc.qt.io/qt-5/qt.html#TextFormat-enum
freedomofpress · Nov 27, 2019 · ff394d5 · ff394d5
1 parent 75d74a1
commit ff394d5
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/securedrop_client/gui/__init__.py b/securedrop_client/gui/__init__.py
@@ -156,6 +156,7 @@ def __init__(
         flags: Union[Qt.WindowFlags, Qt.WindowType] = Qt.WindowFlags(),
     ):
         super().__init__(parent, flags)
+        self.setTextFormat(Qt.PlainText)
         self.setText(text)
 
     def setText(self, text: str) -> None: