diff options
| author | Reed Loden <reed@reedloden.com> | 2011-01-24 19:05:09 +0100 |
|---|---|---|
| committer | Reed Loden <reed@reedloden.com> | 2011-01-24 19:05:09 +0100 |
| commit | c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 (patch) | |
| tree | 1d001a3b9dbffbe19084db526ad60d28bb98b3b0 /js | |
| parent | fee4dfba5bce719769ee2733a0e7b824aaf298d6 (diff) | |
| download | bugzilla-c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5.tar.gz bugzilla-c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5.tar.xz | |
Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encoding by YUI
[r=mkanat r=dkl a=LpSolit]
Diffstat (limited to 'js')
| -rw-r--r-- | js/field.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/js/field.js b/js/field.js index 621cdf3eb..9d0f346ef 100644 --- a/js/field.js +++ b/js/field.js @@ -661,6 +661,13 @@ function browserCanHideOptions(aSelect) { /* (end) option hiding code */ +// A convenience function to sanitize raw text for harmful HTML before outputting +function _escapeHTML(text) { + return text.replace(/&/g, '&'). + replace(/</g, '<'). + replace(/>/g, '>'); +} + /** * The Autoselect */ @@ -686,7 +693,7 @@ YAHOO.bugzilla.userAutocomplete = { return stringified; }, resultListFormat : function(oResultData, enteredText, sResultMatch) { - return ( oResultData.real_name + " (" + oResultData.email + ")"); + return ( _escapeHTML(oResultData.real_name) + " (" + _escapeHTML(oResultData.email) + ")"); }, debug_helper : function ( ){ /* used to help debug any errors that might happen */ |