summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDylan Hardison <dylan@mozilla.com>2016-03-08 15:32:41 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-08 15:32:41 +0100
commit30143b3262e3774d8618181cfae3100795fcbae2 (patch)
tree09a874e1f7b45ad570d73441d4c7a5c18f3df7a7
parent02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 (diff)
downloadbugzilla-30143b3262e3774d8618181cfae3100795fcbae2.tar.gz
bugzilla-30143b3262e3774d8618181cfae3100795fcbae2.tar.xz
Bug 1252554 - Avoid possibility of XSS in release tracking report
-rw-r--r--extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl6
1 files changed, 3 insertions, 3 deletions
diff --git a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl
index 25188ed41..79587205c 100644
--- a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl
@@ -19,9 +19,9 @@
</noscript>
<script>
-var flags_data = [% flags_json FILTER none %];
-var products_data = [% products_json FILTER none %];
-var fields_data = [% fields_json FILTER none %];
+var flags_data = $.parseJSON("[% flags_json FILTER js %]");
+var products_data = $.parseJSON("[% products_json FILTER js %]");
+var fields_data = $.parseJSON("[% fields_json FILTER js %]");
var default_query = '[% default_query FILTER js %]';
</script>