summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl8
-rw-r--r--extensions/InlineHistory/web/inline-history.js6
2 files changed, 12 insertions, 2 deletions
diff --git a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
index 261f5b3fd..dffec1d28 100644
--- a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
+++ b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
@@ -136,8 +136,12 @@
[% PROCESS formattimeunit time_unit = value FILTER html FILTER js %]
[% ELSIF change.buglist %]
[% value FILTER bug_list_link FILTER js %]
- [% ELSIF change.fieldname == 'bug_file_loc' ||
- change.fieldname == 'see_also' %]
+ [% ELSIF change.fieldname == 'bug_file_loc' %]
+ [%~%]<a href="[% value FILTER html FILTER js %]" target="_blank"
+ [%~ ' onclick="return inline_history.confirmUnsafeUrl(this.href)"'
+ UNLESS is_safe_url(value) %]>
+ [%~%][% value FILTER html FILTER js %]</a>
+ [% ELSIF change.fieldname == 'see_also' %]
[%~%]<a href="[% value FILTER html FILTER js %]" target="_blank">
[%~%][% value FILTER html FILTER js %]</a>
[% ELSIF change.fieldname == 'assigned_to' ||
diff --git a/extensions/InlineHistory/web/inline-history.js b/extensions/InlineHistory/web/inline-history.js
index 40f208d57..a6655e10b 100644
--- a/extensions/InlineHistory/web/inline-history.js
+++ b/extensions/InlineHistory/web/inline-history.js
@@ -368,6 +368,12 @@ var inline_history = {
ul.appendChild(li);
},
+ confirmUnsafeUrl: function(url) {
+ return confirm(
+ 'This is considered an unsafe URL and could possibly be harmful.\n'
+ + 'The full URL is:\n\n' + url + '\n\nContinue?');
+ },
+
previousElementSibling: function(el) {
if (el.previousElementSibling)
return el.previousElementSibling;