diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2014-01-09 17:49:42 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2014-01-09 17:49:42 +0100 |
| commit | e117d6b88aec9301c04600842c515053f4b74a2a (patch) | |
| tree | c4003644f1f62847057df1e16dd76e3cc279419e /js | |
| parent | 2f7a7d315c2b05404a292c785ce9d3e9e7a48985 (diff) | |
| download | bugzilla-e117d6b88aec9301c04600842c515053f4b74a2a.tar.gz bugzilla-e117d6b88aec9301c04600842c515053f4b74a2a.tar.xz | |
Bug 957826: XSS in the comment tag field
r=glob a=justdave
Diffstat (limited to 'js')
| -rw-r--r-- | js/comment-tagging.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/js/comment-tagging.js b/js/comment-tagging.js index b700fe11d..035d05b0b 100644 --- a/js/comment-tagging.js +++ b/js/comment-tagging.js @@ -197,7 +197,7 @@ YAHOO.bugzilla.commentTagging = { YAHOO.util.Event.stopEvent(evt); }, tag); li.appendChild(document.createTextNode(' (' + this.nos_by_tag[tag].length + ')')); - a.innerHTML = tag; + a.innerHTML = YAHOO.lang.escapeHTML(tag); } while (container.hasChildNodes()) { container.removeChild(container.lastChild); |