diff options
author | gerv%gerv.net <> | 2005-01-04 05:54:57 +0100 |
---|---|---|
committer | gerv%gerv.net <> | 2005-01-04 05:54:57 +0100 |
commit | ed09207ecef601b38bff1392ef5e1726e8fc44c5 (patch) | |
tree | d6230a128409035ee8dc2bd58c4aad41bb4c0aa9 /template/en/default | |
parent | a90c06d0075eb8a0a9b57a8b80ba3c26f6136643 (diff) | |
download | bugzilla-ed09207ecef601b38bff1392ef5e1726e8fc44c5.tar.gz bugzilla-ed09207ecef601b38bff1392ef5e1726e8fc44c5.tar.xz |
Bug 272620: avoid XSS problem with internal error messages. Patch by gerv; r=justdave; a=justdave.
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 42172d900..5026d8314 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -256,7 +256,10 @@ the time this message appeared. </p> <script type="text/javascript"> <!-- - document.write("<p>URL: " + document.location + "</p>"); + document.write("<p>URL: " + + document.location.href.replace(/&/g,"&") + .replace(/</g,"<") + .replace(/>/g,">") + "</p>"); // --> </script> </tt> |