author | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
---|---|---|
committer | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
commit | 29021b187f042f023584dd3986c086ca68bef0a2 (patch) | |
tree | d6c1c7c114ffe92462ef4f1817c6a87f18e4141c /template/en/default/bug | |
parent | 2fac94504175f4964ad254f07e184e00e10eef08 (diff) | |
download | bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.gz bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.xz |
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it.
Patch by Gervase Markham <gerv@mozilla.org>
r= myk, bbaetz, justdave
a= justdave
Diffstat (limited to 'template/en/default/bug')
4 files changed, 9 insertions, 5 deletions
diff --git a/template/en/default/bug/create/create-guided.html.tmpl b/template/en/default/bug/create/create-guided.html.tmpl
index a716ddca6..7ab7436a7 100644
--- a/template/en/default/bug/create/create-guided.html.tmpl
+++ b/template/en/default/bug/create/create-guided.html.tmpl
@@ -211,8 +211,10 @@ function PutDescription() {
 <form method="post" action="post_bug.cgi">
 <input type="hidden" name="format" value="guided">
 <input type="hidden" name="assigned_to" value="">
- <input type="hidden" name="priority" value="[% default.priority %]">
- <input type="hidden" name="version" value="[% default.version %]">
+ <input type="hidden" name="priority"
+ value="[% default.priority FILTER html %]">
+ <input type="hidden" name="version"
+ value="[% default.version FILTER html %]">
 <table valign="top" cellpadding="5" cellspacing="5" border="0">
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index c59cd3a70..fcc894e1e 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -107,7 +107,8 @@
 [% sel = { description => 'Priority', name => 'priority' } %]
 [% INCLUDE select %]
 [% ELSE %]
- <input type="hidden" name="priority" value="[% default.priority %]">
+ <input type="hidden" name="priority"
+ value="[% default.priority FILTER html %]">
 [% END %]
 [% sel = { description => 'Severity', name => 'bug_severity' } %]
diff --git a/template/en/default/bug/create/make-template.html.tmpl b/template/en/default/bug/create/make-template.html.tmpl
index 1e2495ff8..958d183cc 100644
--- a/template/en/default/bug/create/make-template.html.tmpl
+++ b/template/en/default/bug/create/make-template.html.tmpl
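Review bot: In the create.html.tmpl hunk the ELSE branch now escapes default.priority, but the sibling branch two lines above, `[% INCLUDE select %]`, presumably renders the same field from the `sel` hash through a block defined outside this hunk, and the diff does not show whether that block applies `FILTER html` to the option values and to the default it marks as selected. Worth confirming before this is called closed; otherwise the fix only covers installations where the priority field is rendered hidden. The enclosing IF/ELSE block starts outside the hunk.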
@@ -25,7 +25,7 @@
 %]
 <p>
-If you bookmark <a href="enter_bug.cgi?[% url %]">this link</a>,
+If you bookmark <a href="enter_bug.cgi?[% url FILTER html %]">this link</a>,
 going to the bookmark will bring up the enter bug page with the fields initialized as you've requested.
 </p>
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index a5cdc4dc8..41d824eb3 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -106,7 +106,8 @@
 <tr>
 <td colspan="4">
 <b>URL:</b>
- <a href="[% bug.bug_file_loc %]">[% bug.bug_file_loc FILTER html %]</a>
+ <a href="[% bug.bug_file_loc FILTER html %]">
+ [% bug.bug_file_loc FILTER html %]</a>
 </tr>
 <tr> |
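Review bot: In the make-template.html.tmpl hunk, `[% url FILTER html %]` inside the href only stops the value from closing the attribute; it does not percent-encode the query string, so the bookmark link is well-formed only if `url` was already URL-encoded where it is assembled, which is outside this hunk. Because the literal `enter_bug.cgi?` prefix fixes the scheme and path, html escaping is the right filter for this attribute context, but the division of responsibility is worth recording next to the link, e.g. `[%# url must already be URL-encoded by the caller; FILTER html only protects the attribute context %]`.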
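Review bot: In the show-multiple.html.tmpl hunk, the new `href="[% bug.bug_file_loc FILTER html %]"` closes the attribute-injection hole, but the entire href is still the user-supplied bug URL and html escaping does not constrain the URL scheme, so the anchor is clickable whatever scheme the stored value carries. A defensive follow-up is to emit the anchor only when the value starts with an allowed scheme (http, https, ftp) and otherwise print just `[% bug.bug_file_loc FILTER html %]` as text; doing that in one shared place would keep every template that links bug_file_loc on the same rule. Also, moving the link text onto its own line puts a newline inside the anchor, which is harmless but can render as a leading space in the link text.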