summaryrefslogtreecommitdiffstats
path: root/template/en/default/list
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2007-02-03 06:40:06 +0100
committermkanat%bugzilla.org <>2007-02-03 06:40:06 +0100
commit1551e2372cb4f8027f1dcc82a47450c94a4c781e (patch)
treed82a8d2f6b1b76f1643e3f1d002275ea378f78ef /template/en/default/list
parent1e1ee3dbb885e2d48afa9d15074ea7e2a9ae3c17 (diff)
downloadbugzilla-1551e2372cb4f8027f1dcc82a47450c94a4c781e.tar.gz
bugzilla-1551e2372cb4f8027f1dcc82a47450c94a4c781e.tar.xz
Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML
Patch By Frédéric Buclin <LpSolit@gmail.com> r=bkor, a=mkanat
Diffstat (limited to 'template/en/default/list')
-rw-r--r--template/en/default/list/list.atom.tmpl24
1 files changed, 12 insertions, 12 deletions
diff --git a/template/en/default/list/list.atom.tmpl b/template/en/default/list/list.atom.tmpl
index 367f2858f..837c70b9a 100644
--- a/template/en/default/list/list.atom.tmpl
+++ b/template/en/default/list/list.atom.tmpl
@@ -62,23 +62,23 @@
<tr>
<th>Field</th><th>Value</th>
</tr><tr>
- <td>[% columns.opendate.title FILTER none %]</td>
- <td>[% bug.opendate FILTER none %]</td>
+ <td>[% columns.opendate.title FILTER html %]</td>
+ <td>[% bug.opendate FILTER html %]</td>
</tr><tr>
- <td>[% columns.assigned_to_realname.title FILTER none %]</td>
- <td>[% bug.assigned_to_realname FILTER none %]</td>
+ <td>[% columns.assigned_to_realname.title FILTER html %]</td>
+ <td>[% bug.assigned_to_realname FILTER html %]</td>
</tr><tr>
- <td>[% columns.priority.title FILTER none %]</td>
- <td>[% bug.priority FILTER none %]</td>
+ <td>[% columns.priority.title FILTER html %]</td>
+ <td>[% bug.priority FILTER html %]</td>
</tr><tr>
- <td>[% columns.bug_severity.title FILTER none %] </td>
- <td>[% bug.bug_severity FILTER none %]</td>
+ <td>[% columns.bug_severity.title FILTER html %] </td>
+ <td>[% bug.bug_severity FILTER html %]</td>
</tr><tr>
- <td>[% columns.bug_status.title FILTER none %]</td>
- <td>[% bug.bug_status FILTER none %]</td>
+ <td>[% columns.bug_status.title FILTER html %]</td>
+ <td>[% bug.bug_status FILTER html %]</td>
</tr><tr>
- <td>[% columns.changeddate.title FILTER none %]</td>
- <td>[% bug.changeddate FILTER none -%]</td>
+ <td>[% columns.changeddate.title FILTER html %]</td>
+ <td>[% bug.changeddate FILTER html -%]</td>
</tr>
</table>
[% END %]