author | Dylan Hardison <dylan@mozilla.com> | 2016-03-01 15:48:31 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2016-03-01 15:48:31 +0100 |
commit | 33c79b8bd53b084122b95d8863d776cc6f4a2ad7 (patch) | |
tree | 600ea70c62624648215bc37e56b97261eb7a4ecc /template | |
parent | 8ce105347fda12b58424f8fb21cfc7a9bd7e2431 (diff) | |
Bug 1252437 - XSS vulnerability through malicious bug aliases
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/bug/show-header.html.tmpl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/template/en/default/bug/show-header.html.tmpl b/template/en/default/bug/show-header.html.tmpl index e7d0a07fb..c8acca614 100644 --- a/template/en/default/bug/show-header.html.tmpl +++ b/template/en/default/bug/show-header.html.tmpl @@ -28,12 +28,14 @@ # be overridden by the calling templates. #%] +[% filtered_alias = bug.alias FILTER html %] [% filtered_desc = bug.short_desc FILTER html %] -[% subheader = filtered_desc %] [% filtered_timestamp = bug.delta_ts FILTER time %] + +[% subheader = filtered_desc %] [% title = "$terms.Bug $bug.bug_id – " %] [% IF bug.alias != '' %] - [% title = title _ "($bug.alias) " %] + [% title = title _ "($filtered_alias) " %] [% END %] [% title = title _ filtered_desc %] [% generate_api_token = 1 %] |
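Review bot: The title assembly at the end of the hunk mixes pre-escaped values (`$filtered_alias`, `filtered_desc`) with directly interpolated ones (`$terms.Bug`, `$bug.bug_id`), and the comment block at the top of the hunk does not say that `title` and `subheader` have to be built only from HTML-filtered pieces. Since the fix implies these variables are output without further escaping, suggest adding a line to that comment stating that every bug field interpolated into them needs `FILTER html` first, so the next field added here does not repeat the `$bug.alias` mistake. The `filtered_alias` assignment could also move inside the `[% IF bug.alias != '' %]` block, since that is its only use, and a regression test that renders a bug whose alias contains markup characters and checks the resulting title would be worth adding alongside this change.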