diff options
author | Dylan William Hardison <dylan@mozilla.com> | 2014-12-16 05:24:08 +0100 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-12-16 05:24:08 +0100 |
commit | fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e (patch) | |
tree | 3a2dcc0c5b6c6dd28e92b89d7b3e4296d932a752 /extensions/Review/web/js | |
parent | 812af0321244c41a21f5f280120a0b411cdf1f39 (diff) | |
download | bugzilla-fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e.tar.gz bugzilla-fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e.tar.xz |
Bug 1111862: HTML code injection in review history page
Diffstat (limited to 'extensions/Review/web/js')
-rw-r--r-- | extensions/Review/web/js/review_history.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/Review/web/js/review_history.js b/extensions/Review/web/js/review_history.js index ea35edf26..4e31d2f73 100644 --- a/extensions/Review/web/js/review_history.js +++ b/extensions/Review/web/js/review_history.js @@ -87,9 +87,9 @@ historyTable = new Y.DataTable({ columns: [ { key: 'creation_time', label: 'Created', sortable: true, formatter: format_date }, - { key: 'attachment', label: 'Attachment', formatter: format_attachment, allowHTML: true }, + { key: 'attachment', label: 'Attachment', formatter: format_attachment }, { key: 'setter', label: 'Requester', formatter: format_setter }, - { key: "action", label: "Action", sortable: true, allowHTML: true, formatter: format_action }, + { key: "action", label: "Action", sortable: true, formatter: format_action }, { key: "duration", label: "Duration", sortable: true, formatter: format_duration }, { key: "bug_id", label: "Bug", sortable: true, allowHTML: true, formatter: '<a href="show_bug.cgi?id={value}" target="_blank">{value}</a>' }, |