summaryrefslogtreecommitdiffstats
path: root/template/en/default/bug
diff options
context:
space:
mode:
authorDylan Hardison <dylan@mozilla.com>2016-03-01 15:48:31 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-01 15:48:31 +0100
commit33c79b8bd53b084122b95d8863d776cc6f4a2ad7 (patch)
tree600ea70c62624648215bc37e56b97261eb7a4ecc /template/en/default/bug
parent8ce105347fda12b58424f8fb21cfc7a9bd7e2431 (diff)
downloadbugzilla-33c79b8bd53b084122b95d8863d776cc6f4a2ad7.tar.gz
bugzilla-33c79b8bd53b084122b95d8863d776cc6f4a2ad7.tar.xz
Bug 1252437 - XSS vulnerability through malicious bug aliases
Diffstat (limited to 'template/en/default/bug')
-rw-r--r--template/en/default/bug/show-header.html.tmpl6
1 files changed, 4 insertions, 2 deletions
diff --git a/template/en/default/bug/show-header.html.tmpl b/template/en/default/bug/show-header.html.tmpl
index e7d0a07fb..c8acca614 100644
--- a/template/en/default/bug/show-header.html.tmpl
+++ b/template/en/default/bug/show-header.html.tmpl
@@ -28,12 +28,14 @@
# be overridden by the calling templates.
#%]
+[% filtered_alias = bug.alias FILTER html %]
[% filtered_desc = bug.short_desc FILTER html %]
-[% subheader = filtered_desc %]
[% filtered_timestamp = bug.delta_ts FILTER time %]
+
+[% subheader = filtered_desc %]
[% title = "$terms.Bug $bug.bug_id &ndash; " %]
[% IF bug.alias != '' %]
- [% title = title _ "($bug.alias) " %]
+ [% title = title _ "($filtered_alias) " %]
[% END %]
[% title = title _ filtered_desc %]
[% generate_api_token = 1 %]