author | Reed Loden <reed@reedloden.com> | 2011-01-24 19:08:37 +0100 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2011-01-24 19:08:37 +0100 |
commit | 078c49317674c5d62135deff544a0b72a4546cdf (patch) | |
tree | 156c84a72772e3f35a5cc2667a9b47a5c3a3e01a /template | |
parent | c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 (diff) | |
Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI
[r=mkanat a=LpSolit]
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/bug/create/create.html.tmpl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index a2e7b7eae..8c717760e 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -533,7 +533,8 @@ TUI_hide_default('attachment_text_field'); { key: "id", label: "[% field_descs.bug_id FILTER js %]", formatter: YAHOO.bugzilla.dupTable.formatBugLink }, { key: "summary", - label: "[% field_descs.short_desc FILTER js %]" }, + label: "[% field_descs.short_desc FILTER js %]", + formatter: "text" }, { key: "status", label: "[% field_descs.bug_status FILTER js %]", formatter: YAHOO.bugzilla.dupTable.formatStatus }, |
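Review bot: the added `formatter: "text" },` line on the summary column has no comment saying it is there to encode the cell contents, so a later cleanup could drop it as a cosmetic option and reopen the XSS named in the commit message; a one-line comment beside it stating that the summary is untrusted and must be rendered as text would protect it. The id and status columns in the same hunk use custom formatters (`YAHOO.bugzilla.dupTable.formatBugLink` and `YAHOO.bugzilla.dupTable.formatStatus`) whose bodies are not part of this diff, so it is worth confirming that they encode whatever they write into the cell, since this change only covers the summary column.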