diff options
author | justdave%bugzilla.org <> | 2004-07-10 23:51:23 +0200 |
---|---|---|
committer | justdave%bugzilla.org <> | 2004-07-10 23:51:23 +0200 |
commit | 4e635c0676e60f4bf0af8fc76121ed41dfc2e092 (patch) | |
tree | f553d7acc62dc5674e730dd5aeacc9a4677a104f | |
parent | 33a8d18457464cc379635b6b519c239938ce3690 (diff) | |
download | bugzilla-4e635c0676e60f4bf0af8fc76121ed41dfc2e092.tar.gz bugzilla-4e635c0676e60f4bf0af8fc76121ed41dfc2e092.tar.xz |
Bug 238797: minor adjustment to javascript filters to prevent tags inserted in product, component, and flag names from causing problems.
r=gerv, a=justdave
-rw-r--r-- | Bugzilla/Template.pm | 2 | ||||
-rw-r--r-- | template/en/default/admin/flag-type/list.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/bug/knob.html.tmpl | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index cb6b54c90..cddd33ba4 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -229,7 +229,7 @@ sub create { # and newlines/carriage returns escaped for use in JS strings. js => sub { my ($var) = @_; - $var =~ s/([\\\'\"])/\\$1/g; + $var =~ s/([\\\'\"\/])/\\$1/g; $var =~ s/\n/\\n/g; $var =~ s/\r/\\r/g; $var =~ s/\@/\\x40/g; # anti-spam for email addresses diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl index 0185df0c7..44cbf36c2 100644 --- a/template/en/default/admin/flag-type/list.html.tmpl +++ b/template/en/default/admin/flag-type/list.html.tmpl @@ -98,7 +98,7 @@ <td> <a href="editflagtypes.cgi?action=copy&id=[% type.id %]">Copy</a> | <a href="editflagtypes.cgi?action=confirmdelete&id=[% type.id %]" - onclick="return confirmDelete([% type.id %], '[% type.name FILTER js %]', + onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]', [% type.flag_count %]);">Delete</a> </td> </tr> diff --git a/template/en/default/bug/knob.html.tmpl b/template/en/default/bug/knob.html.tmpl index f0194155d..b93f8099d 100644 --- a/template/en/default/bug/knob.html.tmpl +++ b/template/en/default/bug/knob.html.tmpl @@ -97,7 +97,7 @@ [% terms.bug %] to </label> <input name="assigned_to" size="32" - onchange="if ((this.value != '[% bug.assigned_to.email FILTER js %]') && + onchange="if ((this.value != '[% bug.assigned_to.email FILTER js FILTER html %]') && (this.value != '')) { document.changeform.knob[[% knum %]].checked=true; }" |