Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text

r=glob a=justdave
author: Manish Goregaokar <manishearth@gmail.com> 2014-04-17 18:37:11 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2014-04-17 18:37:11 +0200
commit: 6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch)
tree: 2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /template/en/default/email
parent: e5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff)
download: bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.gz
bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/email/bugmail.txt.tmpl b/template/en/default/email/bugmail.txt.tmpl
index 0b349fb15..a3a0b873c 100644
--- a/template/en/default/email/bugmail.txt.tmpl
+++ b/template/en/default/email/bugmail.txt.tmpl
@@ -32,7 +32,7 @@
 [%- IF comment.count %]
 --- Comment #[% comment.count %] from [% comment.author.identity %] ---
 [% END %]
-[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 
 -- [%# Protect the trailing space of the signature marker %]
author	Manish Goregaokar <manishearth@gmail.com>	2014-04-17 18:37:11 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2014-04-17 18:37:11 +0200
commit	6066ff31980fddc2eb97b987c5bbd1a931495f1e (patch)
tree	2063ecd87ec1588447b0cc8acb5d8831e1fa7510 /template/en/default/email
parent	e5daf5788336ccbf910ecaf9cf6463ef0ed7081c (diff)
download	bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.gz bugzilla-6066ff31980fddc2eb97b987c5bbd1a931495f1e.tar.xz