authorFrédéric Buclin <LpSolit@gmail.com>2012-11-13 18:56:26 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2012-11-13 18:56:26 +0100
commit3a3636a8e51513cda6979bf13c02f573d1e9737f (patch)
tree4d312105703db3c8012d53a85f7ce4415e0f1c80 /template/en/default
parent47da30332c29a8ad25e4a07353d2adf3ef8c1280 (diff)
Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/reports/report-table.html.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl
index 8a3ab9524..b41753550 100644
--- a/template/en/default/reports/report-table.html.tmpl
+++ b/template/en/default/reports/report-table.html.tmpl
@@ -102,7 +102,7 @@ YAHOO.util.Event.addListener(window, "load", function() {
var myColumnDefs = [
{key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }},
[% FOREACH col = col_names %]
- {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true,
+ {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true,
formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }},
[% END %]
{key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal,
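Review bot: The `key` on the added line is still emitted with `FILTER js` only, while `label` now gets `FILTER html FILTER js`, so the same field value stays unescaped for HTML wherever the column key ends up in markup. Whether it does depends on the `Linkify` formatter, which is defined outside this hunk and should be checked. The filter order also deserves a one-line template comment so a later edit does not drop or swap the filters, for example `[%# label is presumably inserted as HTML by the DataTable: HTML-escape first, then JS-escape for the string literal %]`. The row titles and cell data populated elsewhere in this template are not visible here and should get the same check.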