field | value | date
---|---|---
author | Simon Bennetts <psiinon@gmail.com> | 2018-04-04 19:21:33 +0200
committer | Israel Madueme <purelogiq@gmail.com> | 2018-04-04 19:21:33 +0200
commit | fe259aba572e08df22557251ca9279f512f6862c |
tree | 5f6428a14dd727c0c3136352413a0a28718f8cda /template/en/default/search |
parent | 3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 |

Bug 1446431 - Allow Baseline scan to ignore forms that don't need CSRF Tokens

The data-no-csrf attribute is used to signify that a form is 'safe' (i.e.
doesn't actually make any permanent changes) and so doesn't need an
anti-csrf token.

Diffstat (limited to 'template/en/default/search')

-rw-r--r-- | template/en/default/search/search-advanced.html.tmpl | 2
-rw-r--r-- | template/en/default/search/search-google.html.tmpl | 2
-rw-r--r-- | template/en/default/search/search-specific.html.tmpl | 2

3 files changed, 3 insertions, 3 deletions

diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl index 60f47a916..b51906774 100644 --- a/template/en/default/search/search-advanced.html.tmpl +++ b/template/en/default/search/search-advanced.html.tmpl @@ -60,7 +60,7 @@ function remove_token() { <p id="search_help">Hover your mouse over each field label to get help for that field.</p> <form method="post" action="buglist.cgi" name="queryform" id="queryform" - onsubmit="remove_token()"> + onsubmit="remove_token()" data-no-csrf> [% PROCESS search/form.html.tmpl %] diff --git a/template/en/default/search/search-google.html.tmpl b/template/en/default/search/search-google.html.tmpl index ad45cce94..7fdc1daaa 100644 --- a/template/en/default/search/search-google.html.tmpl +++ b/template/en/default/search/search-google.html.tmpl @@ -31,7 +31,7 @@ Google only indexes publicly viewable [% terms.bugs %] and all may not be represented. <p> -<form method="get" action="https://www.google.com/search"> +<form method="get" action="https://www.google.com/search" data-no-csrf> <input type="hidden" name="sitesearch" value="bugzilla.mozilla.org"> <nobr> <input type="text" name="q" size="60" maxlength="255" value=""> diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl index 3b4cc3514..be314101f 100644 --- a/template/en/default/search/search-specific.html.tmpl +++ b/template/en/default/search/search-specific.html.tmpl @@ -39,7 +39,7 @@ For example, if the [% terms.bug %] you are looking for is a browser crash when for "crash secure SSL flash". </p> -<form name="queryform" method="get" action="buglist.cgi"> +<form name="queryform" method="get" action="buglist.cgi" data-no-csrf> <input type="hidden" name="query_format" value="specific"> <input type="hidden" name="order" value="relevance desc"> |
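
Review bot: in search-advanced.html.tmpl the form that gains data-no-csrf is method="post" to buglist.cgi, while the commit message defines a 'safe' form as one that makes no permanent changes. Nothing in the markup enforces that, and the attribute only tells the scanner to stop flagging the form. Please add a template comment next to the tag stating why this POST is read-only (it submits a search), so that a later change which makes this POST path state-changing does not inherit a silent exemption from the scan.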
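
Review bot: in search-google.html.tmpl the form's action is https://www.google.com/search, a third-party origin, so the reason it needs no token differs from the one the commit message gives: with method="get", any token placed in this form would be sent to Google in the query string. A one-line template comment saying a token must not be added here would help, and the meaning of data-no-csrf should be documented somewhere other than the commit message, since it now appears in at least three templates.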