authorDylan Hardison <dylan@mozilla.com>2016-03-01 16:25:31 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-01 16:25:31 +0100
commitc6e5e860709dcae379ca03c7c3124f94930d221c (patch)
treecb2e0c6cd917878d79322569b8727989f1f30b20 /extensions
parent33c79b8bd53b084122b95d8863d776cc6f4a2ad7 (diff)
Bug 1252437 - XSS vulnerability through malicious bug aliases
Diffstat (limited to 'extensions')
-rw-r--r--extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl3
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl b/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl
index c9338aaf2..c49d06b73 100644
--- a/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl
+++ b/extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl
@@ -14,7 +14,8 @@
[% END %]
[% title = "$bug.bug_id &ndash; " %]
[% IF bug.alias != '' %]
- [% title = title _ "($bug.alias) " %]
+ [% filtered_alias = bug.alias FILTER html %]
+ [% title = title _ "($filtered_alias) " %]
[% END %]
[% title = title _ filtered_desc %]
[% javascript = javascript _
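Review bot: Nothing at the point where `title` is assembled records that it must contain only pre-escaped HTML, so the next value concatenated here can reintroduce the same XSS. The literal `&ndash;` and the `filtered_desc` / `filtered_alias` naming suggest the header emits `title` without further filtering, though that is inferred because the header template is not in this hunk. I would add a directive comment above the first assignment, for example `[%# title is emitted unfiltered by the header: FILTER html every value before concatenating it %]`. `$bug.bug_id` on the first assignment is still interpolated raw; that is presumably safe because it is a numeric id, but it is worth confirming. It is also worth grepping the other templates for `bug.alias` interpolated into strings that bypass the output filter; the enclosing block starts and continues outside this hunk.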