summaryrefslogtreecommitdiffstats
path: root/extensions/BugModal/template/en
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2016-03-08 15:26:33 +0100
committerDavid Lawrence <dkl@mozilla.com>2016-03-08 15:26:44 +0100
commit02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 (patch)
treed262348a346399b483951c41ec77e6e7017ca682 /extensions/BugModal/template/en
parent0a9f0581b3c8199476a3b8237c192947014f921a (diff)
downloadbugzilla-02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58.tar.gz
bugzilla-02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58.tar.xz
Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and causes persistent XSS
Diffstat (limited to 'extensions/BugModal/template/en')
-rw-r--r--extensions/BugModal/template/en/default/bug_modal/header.html.tmpl3
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
index f70e77bb1..84efbd077 100644
--- a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
@@ -77,7 +77,8 @@
[%# add tracking flags json if available %]
[% IF tracking_flags %]
[% javascript_urls.push("extensions/TrackingFlags/web/js/tracking_flags.js") %]
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ var TrackingFlags = $.parseJSON(tracking_flags_str);
[% END %]
[%# update last-visited %]