Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.

2 files changed, 6 insertions, 4 deletions

diff --git a/template/en/default/bug/process/bugmail.html.tmpl b/template/en/default/bug/process/bugmail.html.tmpl
index 631842a40..1e9c13abe 100644
--- a/template/en/default/bug/process/bugmail.html.tmpl
+++ b/template/en/default/bug/process/bugmail.html.tmpl
@@ -61,10 +61,10 @@
 [%############################################################################%]
 
 [% BLOCK emails %]
-  <b>[% description %]:</b>
+  <b>[% description FILTER html %]:</b>
   [% IF names.size > 0 %]
     [%+ FOREACH name = names %]
-      [% name %][% ", " UNLESS loop.last() %]
+      [% name FILTER html %][% ", " UNLESS loop.last() %]
     [% END %]
   [% ELSE %]
     no one
diff --git a/template/en/default/bug/process/verify-new-product.html.tmpl b/template/en/default/bug/process/verify-new-product.html.tmpl
index fd37707dc..b3e6af250 100644
--- a/template/en/default/bug/process/verify-new-product.html.tmpl
+++ b/template/en/default/bug/process/verify-new-product.html.tmpl
@@ -48,11 +48,13 @@
 
   <p>
   [% IF use_target_milestone %]
-    You are moving the [% terms.bug %](s) to the product <b>[% form.product %]</b>,
+    You are moving the [% terms.bug %](s) to the product 
+    <b>[% form.product FILTER html %]</b>,
     and the version, component, and/or target milestone fields are no longer
     correct.  Please set the correct version, component, and target milestone now:
   [% ELSE %]
-    You are moving the [% terms.bug %](s) to the product <b>[% form.product %]</b>,
+    You are moving the [% terms.bug %](s) to the product 
+    <b>[% form.product FILTER html %]</b>,
     and the version and component fields are no longer correct.
     Please set the correct version and component now:
   [% END %]