diff options
| author | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2003-04-25 05:49:27 +0200 |
| commit | 29021b187f042f023584dd3986c086ca68bef0a2 (patch) | |
| tree | d6c1c7c114ffe92462ef4f1817c6a87f18e4141c /template/en/default/list/table.html.tmpl | |
| parent | 2fac94504175f4964ad254f07e184e00e10eef08 (diff) | |
| download | bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.gz bugzilla-29021b187f042f023584dd3986c086ca68bef0a2.tar.xz | |
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it.
Patch by Gervase Markham <gerv@mozilla.org>
r= myk, bbaetz, justdave
a= justdave
Diffstat (limited to 'template/en/default/list/table.html.tmpl')
| -rw-r--r-- | template/en/default/list/table.html.tmpl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl index 8a5d3ac57..53eb52b2d 100644 --- a/template/en/default/list/table.html.tmpl +++ b/template/en/default/list/table.html.tmpl @@ -82,7 +82,8 @@ <tr align="left"> <th colspan="[% splitheader ? 2 : 1 %]"> - <a href="buglist.cgi?[% urlquerypart %]&order=bugs.bug_id">ID</a> + <a href="buglist.cgi? + [% urlquerypart FILTER html %]&order=bugs.bug_id">ID</a> </th> [% IF splitheader %] @@ -115,7 +116,7 @@ [% BLOCK columnheader %] <th colspan="[% splitheader ? 2 : 1 %]"> - <a href="buglist.cgi?[% urlquerypart %]&order= + <a href="buglist.cgi?[% urlquerypart FILTER html %]&order= [% column.name FILTER url_quote FILTER html %] [% ",$qorder" FILTER html IF order %]"> [%- abbrev.$id.title || field_descs.$id || column.title -%]</a> |