Bug 934543: persistent xss on page https://bugzilla.mozilla.org/user_profile

author: Byron Jones <bjones@mozilla.com> 2013-11-05 08:55:52 +0100
committer: Byron Jones <bjones@mozilla.com> 2013-11-05 08:55:52 +0100
commit: a4c4cbada652d6106aa87d2a08d29fce580449e9 (patch)
tree: ee5a5c75bd8760073336b0c5cf4e2d63f1a60522 /extensions/UserProfile
parent: 4bb32f2ca044607511c20c4da44c86f64c7d2c58 (diff)
download: bugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.gz
bugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index 71442b822..f1107bd6a 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -8,8 +8,9 @@
 
 [% PROCESS global/variables.none.tmpl %]
 
+[% filtered_identity = target.identity FILTER html %]
 [% PROCESS global/header.html.tmpl
-   title = "User Profile: " _ target.identity
+   title = "User Profile: $filtered_identity"
    style_urls = [ "extensions/UserProfile/web/styles/user_profile.css" ]
    yui = [ 'autocomplete' ]
    javascript_urls = [ "js/field.js" ]
author	Byron Jones <bjones@mozilla.com>	2013-11-05 08:55:52 +0100
committer	Byron Jones <bjones@mozilla.com>	2013-11-05 08:55:52 +0100
commit	a4c4cbada652d6106aa87d2a08d29fce580449e9 (patch)
tree	ee5a5c75bd8760073336b0c5cf4e2d63f1a60522 /extensions/UserProfile
parent	4bb32f2ca044607511c20c4da44c86f64c7d2c58 (diff)
download	bugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.gz bugzilla-a4c4cbada652d6106aa87d2a08d29fce580449e9.tar.xz