author Frédéric Buclin <LpSolit@gmail.com> 2016-03-23 10:27:37 +0100
committer Frédéric Buclin <LpSolit@gmail.com> 2016-03-23 10:27:37 +0100
commit 3368986490028be41351d4329fb4976df2eb75e1
tree 9b13b716d039c25ef1c5bb79de5db88a3cfa0c06 /template
parent c7e80318e56b540caf778c11b79bac9e1bb03e68
Bug 1254226: XSS through javascript: callback URLs in auth delegation
r=dylan
Diffstat (limited to 'template')
-rw-r--r-- template/en/default/global/user-error.html.tmpl | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 998aed4fe..8c0cc8b7a 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -122,6 +122,11 @@
This site does not have auth delegation enabled.
Please contact an administrator if you require this functionality.
+ [% ELSIF error == "auth_delegation_illegal_protocol" %]
+ [% title = "Invalid Protocol" %]
+ The callback URI uses an illegal protocol: <em>[% protocol FILTER html %]</em>.
+ Only <em>http</em> and <em>https</em> are allowed.
+
[% ELSIF error == "auth_delegation_missing_callback" %]
[% title = "Auth delegation impossible without callback URI" %]
It looks like auth delegation was attempted, but no callback URI was passed.
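Review bot: In the new `auth_delegation_illegal_protocol` branch, the sentence "Only <em>http</em> and <em>https</em> are allowed." hard-codes the scheme allow-list in the template, so the message can drift from whatever the code that throws this error actually enforces. The diffstat here is limited to 'template', so that check is not visible in this view; I would either pass the allowed schemes in as a template variable alongside `protocol`, or add a template comment pointing at the check so the two are updated together. `[% protocol FILTER html %]` is the right treatment for a value that comes from the callback URI and should stay as it is. Minor: the title says "Invalid Protocol" while the body says "illegal protocol"; pick one term.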