diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-23 10:27:37 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2016-03-23 10:27:37 +0100 |
commit | 3368986490028be41351d4329fb4976df2eb75e1 (patch) | |
tree | 9b13b716d039c25ef1c5bb79de5db88a3cfa0c06 /template | |
parent | c7e80318e56b540caf778c11b79bac9e1bb03e68 (diff) | |
download | bugzilla-3368986490028be41351d4329fb4976df2eb75e1.tar.gz bugzilla-3368986490028be41351d4329fb4976df2eb75e1.tar.xz |
Bug 1254226: XSS through javascript: callback URLs in auth delegation
r=dylan
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 998aed4fe..8c0cc8b7a 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -122,6 +122,11 @@ This site does not have auth delegation enabled. Please contact an administrator if you require this functionality. + [% ELSIF error == "auth_delegation_illegal_protocol" %] + [% title = "Invalid Protocol" %] + The callback URI uses an illegal protocol: <em>[% protocol FILTER html %]</em>. + Only <em>http</em> and <em>https</em> are allowed. + [% ELSIF error == "auth_delegation_missing_callback" %] [% title = "Auth delegation impossible without callback URI" %] It looks like auth delegation was attempted, but no callback URI was passed. |