authorDylan Hardison <dylan@mozilla.com>2016-03-01 15:48:31 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-01 15:48:31 +0100
commit33c79b8bd53b084122b95d8863d776cc6f4a2ad7 (patch)
tree600ea70c62624648215bc37e56b97261eb7a4ecc
parent8ce105347fda12b58424f8fb21cfc7a9bd7e2431 (diff)
downloadbugzilla-33c79b8bd53b084122b95d8863d776cc6f4a2ad7.tar.gz
bugzilla-33c79b8bd53b084122b95d8863d776cc6f4a2ad7.tar.xz
Bug 1252437 - XSS vulnerability through malicious bug aliases
-rw-r--r--extensions/BugModal/template/en/default/bug_modal/header.html.tmpl3
-rw-r--r--template/en/default/bug/show-header.html.tmpl6
2 files changed, 6 insertions, 3 deletions
diff --git a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
index 361b9ec9d..f70e77bb1 100644
--- a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
@@ -15,7 +15,8 @@
END;
title = "$bug.bug_id - ";
IF bug.alias;
- title = title _ "($bug.alias) ";
+ filtered_alias = bug.alias FILTER html;
+ title = title _ "($filtered_alias) ";
END;
unfiltered_title = title _ bug.short_desc;
filtered_desc = bug.short_desc FILTER html;
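Review bot: After the change at the two added lines, `title` carries the html-escaped alias, so the `unfiltered_title = title _ bug.short_desc` built two lines later is only partly unfiltered: the alias is escaped, the summary is not. If that variable is later emitted through another `FILTER html` (outside this hunk), an alias containing `<` or `&` would render double-escaped, while emitting it raw would still leave `bug.short_desc` unescaped, so neither use is clean with the mixed value. Consider deriving the unfiltered title from the raw parts and keeping `title` purely for already-escaped output, or at least flag the mix on that line: `# NOTE: title already holds the html-filtered alias; unfiltered_title is only unfiltered for short_desc`. The enclosing `[% ... %]` directive begins before this hunk (the leading `END;` closes an earlier block), so the fix-up of `unfiltered_title` may need a look at the lines above as well.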
diff --git a/template/en/default/bug/show-header.html.tmpl b/template/en/default/bug/show-header.html.tmpl
index e7d0a07fb..c8acca614 100644
--- a/template/en/default/bug/show-header.html.tmpl
+++ b/template/en/default/bug/show-header.html.tmpl
@@ -28,12 +28,14 @@
# be overridden by the calling templates.
#%]
+[% filtered_alias = bug.alias FILTER html %]
[% filtered_desc = bug.short_desc FILTER html %]
-[% subheader = filtered_desc %]
[% filtered_timestamp = bug.delta_ts FILTER time %]
+
+[% subheader = filtered_desc %]
[% title = "$terms.Bug $bug.bug_id &ndash; " %]
[% IF bug.alias != '' %]
- [% title = title _ "($bug.alias) " %]
+ [% title = title _ "($filtered_alias) " %]
[% END %]
[% title = title _ filtered_desc %]
[% generate_api_token = 1 %]