diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2014-03-12 19:25:25 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2014-03-12 19:25:25 +0100 |
commit | ca7b39aa66be9b4deea1ead8e6a788025759b80d (patch) | |
tree | 175449c1a84408cdd89c244c834d0f13f115358b /template/en/default/attachment/edit.html.tmpl | |
parent | d51abfd7e3e1fcc3eea37e72ab0f49f3e28950a2 (diff) | |
download | bugzilla-ca7b39aa66be9b4deea1ead8e6a788025759b80d.tar.gz bugzilla-ca7b39aa66be9b4deea1ead8e6a788025759b80d.tar.xz |
Bug 728892: The attachment "Details" page is still vulnerable to Clickjacking with SVG or XHTML attachments
r/a=justdave
Diffstat (limited to 'template/en/default/attachment/edit.html.tmpl')
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index dbcef2a71..1ab30853c 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -197,7 +197,7 @@ readonly = 'readonly' %] [% ELSE %] - <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]"> + <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]" sandbox> <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b> </iframe> |