summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authorDylan Hardison <dylan@mozilla.com>2016-03-22 14:25:16 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-22 14:25:16 +0100
commit0c94e1dd07b705ba000c008b08c8f5aa27731932 (patch)
tree27d3080a25a493b56f3332e10b183ef1785c1d12 /template
parent3af55bfe0bd10a85b7cd69e26a19034a6d2e78f5 (diff)
downloadbugzilla-0c94e1dd07b705ba000c008b08c8f5aa27731932.tar.gz
bugzilla-0c94e1dd07b705ba000c008b08c8f5aa27731932.tar.xz
Bug 1258547 - XSS through javascript: callback URLs in auth delegation
Diffstat (limited to 'template')
-rw-r--r--template/en/default/global/user-error.html.tmpl5
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index bf7455ad9..9cd1cc02f 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -134,6 +134,11 @@
This site does not have auth delegation enabled.
Please contact an administrator if you require this functionality.
+ [% ELSIF error == "auth_delegation_illegal_protocol" %]
+ [% title = "Invalid Protocol" %]
+ The callback URI uses an illegal protocol: <em>[% protocol FILTER html %]</em>.
+ Only <em>http</em> and <em>https</em> are allowed.
+
[% ELSIF error == "auth_delegation_missing_callback" %]
[% title = "Auth delegation impossible without callback URI" %]
It looks like auth delegation was attempted, but no callback URI was passed.