authorDylan William Hardison <dylan@hardison.net>2016-05-13 19:34:19 +0200
committerDylan William Hardison <dylan@hardison.net>2016-05-13 19:34:19 +0200
commit54f8e937861494f938ab7b2c8d45b88cc998d75e (patch)
tree34442b977df9e64c2331f0c2f7c6eeb9e1d1a528 /template
parenta35c9866e37c8676238ca1ea272f917cf3e57f89 (diff)
Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
Diffstat (limited to 'template')
-rw-r--r--template/en/default/global/tabs.html.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 9cf5a897b..511640477 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
[% tab.label FILTER html %]</td>
[% ELSE %]
<td id="tab_[% tab.name FILTER html %]" class="clickable_area"
- onClick="document.location='[% tab.link FILTER html %]'">
+ onClick="document.location='[% tab.link FILTER js FILTER html %]'">
<a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
</td>
[% END %]
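Review bot: Escaping alone does not constrain the URL scheme, so if `tab.link` is user-controlled as the bug title supposes, a `javascript:` value would still pass through both the `document.location` assignment on the changed line and the unchanged `href` on the line below it. The `FILTER js FILTER html` order is right for a JS string inside an HTML attribute, but it only stops the value from breaking out of the quoted string. Consider having callers restrict `tab.link` to relative or http(s) URLs and documenting that contract at the top of the template, e.g. `[%# tab.link must be a relative or http(s) URL; callers are responsible for validating the scheme %]`. The enclosing loop and IF block start outside this hunk, so whether any validation already happens upstream cannot be seen here.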