authorReed Loden <reed@reedloden.com>2011-01-24 19:08:37 +0100
committerReed Loden <reed@reedloden.com>2011-01-24 19:08:37 +0100
commit078c49317674c5d62135deff544a0b72a4546cdf (patch)
tree156c84a72772e3f35a5cc2667a9b47a5c3a3e01a /template
parentc283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 (diff)
Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI
[r=mkanat a=LpSolit]
Diffstat (limited to 'template')
-rw-r--r--template/en/default/bug/create/create.html.tmpl3
1 files changed, 2 insertions, 1 deletions
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index a2e7b7eae..8c717760e 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -533,7 +533,8 @@ TUI_hide_default('attachment_text_field');
{ key: "id", label: "[% field_descs.bug_id FILTER js %]",
formatter: YAHOO.bugzilla.dupTable.formatBugLink },
{ key: "summary",
- label: "[% field_descs.short_desc FILTER js %]" },
+ label: "[% field_descs.short_desc FILTER js %]",
+ formatter: "text" },
{ key: "status",
label: "[% field_descs.bug_status FILTER js %]",
formatter: YAHOO.bugzilla.dupTable.formatStatus },
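Review bot: The added `formatter: "text"` on the `summary` column has no comment marking it as the XSS defence, so a later cleanup could drop it as redundant and silently restore unescaped rendering of bug summaries. I would add a line above it such as `// Security: "text" makes YUI HTML-escape the summary; without it the cell value is inserted as markup (bug 619648).` The neighbouring `id` and `status` columns rely on `YAHOO.bugzilla.dupTable.formatBugLink` and `formatStatus`, which are defined outside this hunk. It is worth confirming that both escape the values they emit, since they presumably receive data from the same duplicate-search response. The column list starts and ends outside the hunk, so any further columns should also be checked for an explicit escaping formatter.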