diff options
author | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
commit | b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch) | |
tree | 0db4955b3303c2e5565d6e97e8fac62c63147117 /template/en/default/admin/components | |
parent | 40aae68e1263b9677285473a9205cef378b451c0 (diff) | |
download | bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz |
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template/en/default/admin/components')
-rw-r--r-- | template/en/default/admin/components/confirm-delete.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/admin/components/updated.html.tmpl | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl index 4c94813fd..e7e00636e 100644 --- a/template/en/default/admin/components/confirm-delete.html.tmpl +++ b/template/en/default/admin/components/confirm-delete.html.tmpl @@ -44,7 +44,7 @@ </tr> <tr> <td valign="top">Component Description:</td> - <td valign="top">[% comp.description FILTER html %]</td> + <td valign="top">[% comp.description FILTER html_light %]</td> </tr> <tr> <td valign="top">Default assignee:</td> @@ -66,7 +66,7 @@ </tr> <tr> <td valign="top">Product Description:</td> - <td valign="top">[% product.description FILTER html %]</td> + <td valign="top">[% product.description FILTER html_light %]</td> [% END %] [% IF Param('usetargetmilestone') %] diff --git a/template/en/default/admin/components/updated.html.tmpl b/template/en/default/admin/components/updated.html.tmpl index a6f2c8b9d..a4cbfdf5b 100644 --- a/template/en/default/admin/components/updated.html.tmpl +++ b/template/en/default/admin/components/updated.html.tmpl @@ -56,7 +56,7 @@ <table> <tr> <td>Updated description to:</td> - <td>'[% comp.description FILTER html %]'</td> + <td>'[% comp.description FILTER html_light %]'</td> </tr> </table> [% END %] |