summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones <bjones@mozilla.com>2013-11-05 08:55:52 +0100
committerByron Jones <bjones@mozilla.com>2013-11-05 08:55:52 +0100
commita4c4cbada652d6106aa87d2a08d29fce580449e9 (patch)
treeee5a5c75bd8760073336b0c5cf4e2d63f1a60522
parent4bb32f2ca044607511c20c4da44c86f64c7d2c58 (diff)
downloadbugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.gz
bugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.xz
Bug 934543: persistent xss on page https://bugzilla.mozilla.org/user_profile
-rw-r--r--extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl3
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index 71442b822..f1107bd6a 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -8,8 +8,9 @@
[% PROCESS global/variables.none.tmpl %]
+[% filtered_identity = target.identity FILTER html %]
[% PROCESS global/header.html.tmpl
- title = "User Profile: " _ target.identity
+ title = "User Profile: $filtered_identity"
style_urls = [ "extensions/UserProfile/web/styles/user_profile.css" ]
yui = [ 'autocomplete' ]
javascript_urls = [ "js/field.js" ]