summaryrefslogtreecommitdiffstats
path: root/extensions/Review/web/js
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@mozilla.com>2014-12-16 05:24:08 +0100
committerByron Jones <glob@mozilla.com>2014-12-16 05:24:08 +0100
commitfc43974e16275e2e85ab88dbb63a3e5c0fd6a08e (patch)
tree3a2dcc0c5b6c6dd28e92b89d7b3e4296d932a752 /extensions/Review/web/js
parent812af0321244c41a21f5f280120a0b411cdf1f39 (diff)
downloadbugzilla-fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e.tar.gz
bugzilla-fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e.tar.xz
Bug 1111862: HTML code injection in review history page
Diffstat (limited to 'extensions/Review/web/js')
-rw-r--r--extensions/Review/web/js/review_history.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/Review/web/js/review_history.js b/extensions/Review/web/js/review_history.js
index ea35edf26..4e31d2f73 100644
--- a/extensions/Review/web/js/review_history.js
+++ b/extensions/Review/web/js/review_history.js
@@ -87,9 +87,9 @@
historyTable = new Y.DataTable({
columns: [
{ key: 'creation_time', label: 'Created', sortable: true, formatter: format_date },
- { key: 'attachment', label: 'Attachment', formatter: format_attachment, allowHTML: true },
+ { key: 'attachment', label: 'Attachment', formatter: format_attachment },
{ key: 'setter', label: 'Requester', formatter: format_setter },
- { key: "action", label: "Action", sortable: true, allowHTML: true, formatter: format_action },
+ { key: "action", label: "Action", sortable: true, formatter: format_action },
{ key: "duration", label: "Duration", sortable: true, formatter: format_duration },
{ key: "bug_id", label: "Bug", sortable: true, allowHTML: true,
formatter: '<a href="show_bug.cgi?id={value}" target="_blank">{value}</a>' },