Several Corrections & Clarifications Suggested On IRC

**Suggested by @cbeams:** _includes/ref_block_chain.md: * Mention that coinbase is the first transaction in a block. **Suggested by @gmaxwell:** _includes/ref_core_rpcs-abcdefg.md: * Mention that you need to unlock your wallet when you run out of keys in the keypool. * Remove erroneous assertion that txindex=1 would allow `getreceivedbyaddress` to check balances of addresses not belonging to this wallet. _includes/ref_transactions.md: * Clarify that OP_RETURN scripts aren't usually executed because they always return false. en/developer-reference.md * Add a warning about using block chain or mempool data in executable context.
2025-07-27 09:46:12 +00:00 · 2014-05-21 23:08:57 -04:00 · 2014-05-21 23:08:57 -04:00 · 68cd5b6ff9
commit 68cd5b6ff9
parent c1e61199a1
4 changed files with 17 additions and 7 deletions
--- a/en/developer-reference.md
+++ b/en/developer-reference.md
@ -33,6 +33,15 @@ title: "Developer Reference - Bitcoin"

 ### Remote Procedure Calls (RPCs)

+**Warning:** the block chain and memory pool can include arbitrary data
+which several of the commands below will return in hex format. If you
+convert this data to another format in an executable context, it could
+be used in an exploit. For example, displaying an output script as
+ASCII text in a webpage could add arbitrary Javascript to that page and
+create a cross-site scripting (XSS) exploit. To avoid problems, please
+treat block chain and memory pool data as an arbitrary input from an
+untrusted source.
+
 {% include ref_core_rpcs-abcdefg.md %}
 {% include ref_core_rpcs-hijklmn.md %}
 {% include ref_core_rpcs-opqrst.md %}