diff options
author | Dylan Hardison <dylan@mozilla.com> | 2016-03-22 14:25:16 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2016-03-22 14:25:16 +0100 |
commit | 0c94e1dd07b705ba000c008b08c8f5aa27731932 (patch) | |
tree | 27d3080a25a493b56f3332e10b183ef1785c1d12 /template | |
parent | 3af55bfe0bd10a85b7cd69e26a19034a6d2e78f5 (diff) | |
download | bugzilla-0c94e1dd07b705ba000c008b08c8f5aa27731932.tar.gz bugzilla-0c94e1dd07b705ba000c008b08c8f5aa27731932.tar.xz |
Bug 1258547 - XSS through javascript: callback URLs in auth delegation
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index bf7455ad9..9cd1cc02f 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -134,6 +134,11 @@ This site does not have auth delegation enabled. Please contact an administrator if you require this functionality. + [% ELSIF error == "auth_delegation_illegal_protocol" %] + [% title = "Invalid Protocol" %] + The callback URI uses an illegal protocol: <em>[% protocol FILTER html %]</em>. + Only <em>http</em> and <em>https</em> are allowed. + [% ELSIF error == "auth_delegation_missing_callback" %] [% title = "Auth delegation impossible without callback URI" %] It looks like auth delegation was attempted, but no callback URI was passed. |