diff options
author | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
---|---|---|
committer | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
commit | 29021b187f042f023584dd3986c086ca68bef0a2 (patch) | |
tree | d6c1c7c114ffe92462ef4f1817c6a87f18e4141c /template/en/default/global/hidden-fields.html.tmpl | |
parent | 2fac94504175f4964ad254f07e184e00e10eef08 (diff) | |
download | bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.gz bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.xz |
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it.
Patch by Gervase Markham <gerv@mozilla.org>
r= myk, bbaetz, justdave
a= justdave
Diffstat (limited to 'template/en/default/global/hidden-fields.html.tmpl')
-rw-r--r-- | template/en/default/global/hidden-fields.html.tmpl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/template/en/default/global/hidden-fields.html.tmpl b/template/en/default/global/hidden-fields.html.tmpl index f968fab20..a824c3489 100644 --- a/template/en/default/global/hidden-fields.html.tmpl +++ b/template/en/default/global/hidden-fields.html.tmpl @@ -32,11 +32,11 @@ [% NEXT IF exclude && field.key.search(exclude) %] [% IF mform.${field.key}.size > 1 %] [% FOREACH mvalue = mform.${field.key} %] - <input type="hidden" name="[% field.key %]" + <input type="hidden" name="[% field.key FILTER html %]" value="[% mvalue | html | html_linebreak %]"> [% END %] [% ELSE %] - <input type="hidden" name="[% field.key %]" + <input type="hidden" name="[% field.key FILTER html %]" value="[% field.value | html | html_linebreak %]"> [% END %] [% END %] |