diff options
author | Dylan Hardison <dylan@mozilla.com> | 2016-03-01 16:25:31 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2016-03-01 16:25:31 +0100 |
commit | c6e5e860709dcae379ca03c7c3124f94930d221c (patch) | |
tree | cb2e0c6cd917878d79322569b8727989f1f30b20 /extensions/BMO/template/en | |
parent | 33c79b8bd53b084122b95d8863d776cc6f4a2ad7 (diff) | |
download | bugzilla-c6e5e860709dcae379ca03c7c3124f94930d221c.tar.gz bugzilla-c6e5e860709dcae379ca03c7c3124f94930d221c.tar.xz |
Bug 1252437 - XSS vulnerability through malicious bug aliases
Diffstat (limited to 'extensions/BMO/template/en')
-rw-r--r-- | extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl b/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl index c9338aaf2..c49d06b73 100644 --- a/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl +++ b/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl @@ -14,7 +14,8 @@ [% END %] [% title = "$bug.bug_id – " %] [% IF bug.alias != '' %] - [% title = title _ "($bug.alias) " %] + [% filtered_alias = bug.alias FILTER html %] + [% title = title _ "($filtered_alias) " %] [% END %] [% title = title _ filtered_desc %] [% javascript = javascript _ |