Some special characters from payment request are displayed wrong in Eclair mobile

[dpad85]

Issue by btcontract
Tuesday Jan 23, 2018 at 15:51 GMT
Originally opened as ACINQ/eclair#398

---

Some encoded special characters, such as apostrophe, are not properly displayed in Eclair mobile, for example:

Similar payment request in another app:

[dpad85]

Comment by verretor
Tuesday Jan 23, 2018 at 16:36 GMT

---

It seems the Android app is escaping HTML which is good for security in my opinion although a bit ugly.

[dpad85]

Comment by btcontract
Tuesday Jan 23, 2018 at 16:49 GMT

---

@verretor is this relevant inside of Android app? A far as I know escaping is done to prevent javascript execution on websites.

[dpad85]

Comment by verretor
Tuesday Jan 23, 2018 at 17:16 GMT

---

Could be SQL injection. Eclair uses SQLite.

There are some characters that cause problems in some very specific situations. Imagine your app uses UTF-8 encoding and accepts 2 byte characters such as 뼢 but your database has an encoding that only accepts 1 byte characters.
뼢 is 0xbf22 (2 byte) but when translated into 1 byte, it becomes:
0xbf 0x22 = ¿"

Notice the double quote. That's just one of many examples and it requires a lot of tests to make sure it is really safe.

I think it's better to be too careful than not enough but that's just my opinion.

[dpad85]

Comment by dpad85
Tuesday Apr 03, 2018 at 16:36 GMT

---

@btcontract By chance did you keep the payment request with the Elaine's Idle Mind description ? I can't reproduce this issue, even with some exotic characters.

[dpad85]

Comment by btcontract
Tuesday Apr 03, 2018 at 17:16 GMT

---

no, sorry, it's been a long time.