authorDavid Lawrence <dkl@mozilla.com>2016-03-08 15:26:33 +0100
committerDavid Lawrence <dkl@mozilla.com>2016-03-08 15:26:44 +0100
commit02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 (patch)
treed262348a346399b483951c41ec77e6e7017ca682 /extensions/TrackingFlags/template/en/default/hook
parent0a9f0581b3c8199476a3b8237c192947014f921a (diff)
Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and causes persistent XSS
Diffstat (limited to 'extensions/TrackingFlags/template/en/default/hook')
-rw-r--r--extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl3
-rw-r--r--extensions/TrackingFlags/template/en/default/hook/bug/edit-after_custom_fields.html.tmpl3
2 files changed, 4 insertions, 2 deletions
diff --git a/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl b/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
index 53f80a885..a29357b11 100644
--- a/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
+++ b/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
@@ -30,7 +30,8 @@
<script type="text/javascript">
$(function() {
- var tracking_flag_components = [% tracking_flag_components FILTER none %];
+ var tracking_flag_components_str = "[% tracking_flag_components FILTER js %]";
+ var tracking_flag_components = $.parseJSON(tracking_flag_components_str);
var highest_status_firefox = '[% highest_status_firefox FILTER js %]';
$('#component')
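Review bot: The two added lines carry no comment saying why the JSON is now emitted as a `FILTER js` string literal and parsed with `$.parseJSON` instead of being interpolated with `FILTER none`, so a later tidy-up could revert to direct interpolation and reintroduce the script-context injection the commit title describes. A one-line comment above the `_str` assignment would pin the intent, e.g. `// Emit the JSON through FILTER js and parse it client-side so flag data cannot break out of this script block; do not switch back to FILTER none.` The same applies to the edit-after_custom_fields hunk (`tracking_flags_str` / `TrackingFlags`), where the variable is also global rather than local to a ready handler. Separately, `$.parseJSON` is deprecated in jQuery 3 in favour of the native `JSON.parse`; if the bundled jQuery and target browsers allow it, `var tracking_flag_components = JSON.parse(tracking_flag_components_str);` drops the jQuery dependency for this step. The enclosing `$(function() {` body continues past the end of the hunk.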
diff --git a/extensions/TrackingFlags/template/en/default/hook/bug/edit-after_custom_fields.html.tmpl b/extensions/TrackingFlags/template/en/default/hook/bug/edit-after_custom_fields.html.tmpl
index b66bd3df4..aab7056e6 100644
--- a/extensions/TrackingFlags/template/en/default/hook/bug/edit-after_custom_fields.html.tmpl
+++ b/extensions/TrackingFlags/template/en/default/hook/bug/edit-after_custom_fields.html.tmpl
@@ -41,6 +41,7 @@
[% END %]
<script type="text/javascript">
- TrackingFlags = [% tracking_flags_json FILTER none %];
+ var tracking_flags_str = "[% tracking_flags_json FILTER js %]";
+ var TrackingFlags = $.parseJSON(tracking_flags_str);
hide_tracking_flags();
</script>