Bug 978070: Do not use document.write() to insert HTML code

r/a=justdave
author: Frédéric Buclin <LpSolit@gmail.com> 2014-03-26 20:10:07 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2014-03-26 20:10:07 +0100
commit: cf74a17e34f66ecdeb092f7b020bed95821a2492 (patch)
tree: 0b188f062dd96107ee6cc75ba4570a5ef44bea96 /template/en/default/global
parent: fd518e1e24aa4b1164634ef5c432621f2c6bbb64 (diff)
download: bugzilla-cf74a17e34f66ecdeb092f7b020bed95821a2492.tar.gz
bugzilla-cf74a17e34f66ecdeb092f7b020bed95821a2492.tar.xz
1 files changed, 3 insertions, 9 deletions
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 8a0b459b3..1c3422fa8 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -430,15 +430,9 @@
   with details of what you were doing at the time this message appeared.
 </p>
 
-<samp>
-  <script type="text/javascript"> <!--
-    document.write("<p>URL: " +
-                    document.location.href.replace(/&/g,"&amp;")
-                                          .replace(/</g,"&lt;")
-                                          .replace(/>/g,"&gt;") + "</p>");
-  // -->
-  </script>
-</samp>
+<p>
+  <samp>URL: [% Bugzilla.cgi.self_url FILTER html %]</samp>
+</p>
 
 <div id="error_msg" class="throw_error">
   [% error_message FILTER none %]
author	Frédéric Buclin <LpSolit@gmail.com>	2014-03-26 20:10:07 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2014-03-26 20:10:07 +0100
commit	cf74a17e34f66ecdeb092f7b020bed95821a2492 (patch)
tree	0b188f062dd96107ee6cc75ba4570a5ef44bea96 /template/en/default/global
parent	fd518e1e24aa4b1164634ef5c432621f2c6bbb64 (diff)
download	bugzilla-cf74a17e34f66ecdeb092f7b020bed95821a2492.tar.gz bugzilla-cf74a17e34f66ecdeb092f7b020bed95821a2492.tar.xz