author | David Lawrence <dkl@mozilla.com> | 2016-03-08 15:26:33 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2016-03-08 15:26:44 +0100 |
commit | 02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 (patch) | |
tree | d262348a346399b483951c41ec77e6e7017ca682 /extensions/BugModal/template/en | |
parent | 0a9f0581b3c8199476a3b8237c192947014f921a (diff) | |
download | bugzilla-02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58.tar.gz bugzilla-02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58.tar.xz |
Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and causes persistent XSS
Diffstat (limited to 'extensions/BugModal/template/en')
-rw-r--r-- | extensions/BugModal/template/en/default/bug_modal/header.html.tmpl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
index f70e77bb1..84efbd077 100644
--- a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
@@ -77,7 +77,8 @@
 [%# add tracking flags json if available %]
 [% IF tracking_flags %]
 [% javascript_urls.push("extensions/TrackingFlags/web/js/tracking_flags.js") %]
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ var TrackingFlags = $.parseJSON(tracking_flags_str);
 [% END %]
 [%# update last-visited %] |
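Review bot: The two added lines rely on `FILTER js` being safe inside an inline `<script>` element, and nothing at this site records that assumption. The filter has to neutralise `</script>` and the U+2028/U+2029 line separators as well as quotes and backslashes, which should be confirmed against its definition because that is not visible here. I would add a template comment above them such as `[%# tracking_flags_json comes from the tracking-flag configuration: emit it as an escaped string and parse it, never FILTER none %]`. The commit title also names CSRF, while this hunk only changes output encoding, so the token check on the configuration form and any other template that still emits `tracking_flags_json FILTER none` need the same review; the diffstat shown is limited to one directory. `$.parseJSON` throws on malformed input and needs jQuery loaded before this inline script, so `var TrackingFlags = JSON.parse(tracking_flags_str);` would drop that dependency; the enclosing script block starts and ends outside the hunk.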