author | Dylan William Hardison <dylan@hardison.net> | 2016-05-13 19:34:19 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2016-05-13 19:34:19 +0200 |
commit | 54f8e937861494f938ab7b2c8d45b88cc998d75e (patch) | |
tree | 34442b977df9e64c2331f0c2f7c6eeb9e1d1a528 /template | |
parent | a35c9866e37c8676238ca1ea272f917cf3e57f89 (diff) | |
download | bugzilla-54f8e937861494f938ab7b2c8d45b88cc998d75e.tar.gz bugzilla-54f8e937861494f938ab7b2c8d45b88cc998d75e.tar.xz |
Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/global/tabs.html.tmpl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl index 9cf5a897b..511640477 100644 --- a/template/en/default/global/tabs.html.tmpl +++ b/template/en/default/global/tabs.html.tmpl @@ -25,7 +25,7 @@ [% tab.label FILTER html %]</td> [% ELSE %] <td id="tab_[% tab.name FILTER html %]" class="clickable_area" - onClick="document.location='[% tab.link FILTER html %]'"> + onClick="document.location='[% tab.link FILTER js FILTER html %]'"> <a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a> </td> [% END %] |
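Review bot: The URL scheme of tab.link is still unchecked, both in the changed onClick line and in the unchanged context line `<a href="[% tab.link FILTER html %]">`. `FILTER js FILTER html` is the right order for a JavaScript string literal inside an HTML attribute, and it stops the value from closing the quoted string. It does not constrain what the value is, so if tab.link is user-controlled, as the commit message says it can be, a `javascript:` URL passes through both filters unchanged and is still used as the navigation target in document.location and in the href. Consider validating the link before it reaches this template (for example, allowing only relative paths or http/https URLs), or documenting in tabs.html.tmpl that callers must pass a trusted or validated tab.link. A regression test that renders a tab whose link contains a single quote would also pin down the escaping added here.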