diff options
author | mkanat%bugzilla.org <> | 2007-02-03 06:40:06 +0100 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2007-02-03 06:40:06 +0100 |
commit | 1551e2372cb4f8027f1dcc82a47450c94a4c781e (patch) | |
tree | d82a8d2f6b1b76f1643e3f1d002275ea378f78ef /template/en/default/list | |
parent | 1e1ee3dbb885e2d48afa9d15074ea7e2a9ae3c17 (diff) | |
download | bugzilla-1551e2372cb4f8027f1dcc82a47450c94a4c781e.tar.gz bugzilla-1551e2372cb4f8027f1dcc82a47450c94a4c781e.tar.xz |
Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML
Patch By Frédéric Buclin <LpSolit@gmail.com> r=bkor, a=mkanat
Diffstat (limited to 'template/en/default/list')
-rw-r--r-- | template/en/default/list/list.atom.tmpl | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/template/en/default/list/list.atom.tmpl b/template/en/default/list/list.atom.tmpl index 367f2858f..837c70b9a 100644 --- a/template/en/default/list/list.atom.tmpl +++ b/template/en/default/list/list.atom.tmpl @@ -62,23 +62,23 @@ <tr> <th>Field</th><th>Value</th> </tr><tr> - <td>[% columns.opendate.title FILTER none %]</td> - <td>[% bug.opendate FILTER none %]</td> + <td>[% columns.opendate.title FILTER html %]</td> + <td>[% bug.opendate FILTER html %]</td> </tr><tr> - <td>[% columns.assigned_to_realname.title FILTER none %]</td> - <td>[% bug.assigned_to_realname FILTER none %]</td> + <td>[% columns.assigned_to_realname.title FILTER html %]</td> + <td>[% bug.assigned_to_realname FILTER html %]</td> </tr><tr> - <td>[% columns.priority.title FILTER none %]</td> - <td>[% bug.priority FILTER none %]</td> + <td>[% columns.priority.title FILTER html %]</td> + <td>[% bug.priority FILTER html %]</td> </tr><tr> - <td>[% columns.bug_severity.title FILTER none %] </td> - <td>[% bug.bug_severity FILTER none %]</td> + <td>[% columns.bug_severity.title FILTER html %] </td> + <td>[% bug.bug_severity FILTER html %]</td> </tr><tr> - <td>[% columns.bug_status.title FILTER none %]</td> - <td>[% bug.bug_status FILTER none %]</td> + <td>[% columns.bug_status.title FILTER html %]</td> + <td>[% bug.bug_status FILTER html %]</td> </tr><tr> - <td>[% columns.changeddate.title FILTER none %]</td> - <td>[% bug.changeddate FILTER none -%]</td> + <td>[% columns.changeddate.title FILTER html %]</td> + <td>[% bug.changeddate FILTER html -%]</td> </tr> </table> [% END %] |