diff options
author | Dylan Hardison <dylan@mozilla.com> | 2016-03-08 15:32:41 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2016-03-08 15:32:41 +0100 |
commit | 30143b3262e3774d8618181cfae3100795fcbae2 (patch) | |
tree | 09a874e1f7b45ad570d73441d4c7a5c18f3df7a7 | |
parent | 02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 (diff) | |
download | bugzilla-30143b3262e3774d8618181cfae3100795fcbae2.tar.gz bugzilla-30143b3262e3774d8618181cfae3100795fcbae2.tar.xz |
Bug 1252554 - Avoid possibility of XSS in release tracking report
-rw-r--r-- | extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl index 25188ed41..79587205c 100644 --- a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl +++ b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl @@ -19,9 +19,9 @@ </noscript> <script> -var flags_data = [% flags_json FILTER none %]; -var products_data = [% products_json FILTER none %]; -var fields_data = [% fields_json FILTER none %]; +var flags_data = $.parseJSON("[% flags_json FILTER js %]"); +var products_data = $.parseJSON("[% products_json FILTER js %]"); +var fields_data = $.parseJSON("[% fields_json FILTER js %]"); var default_query = '[% default_query FILTER js %]'; </script> |