From 1551e2372cb4f8027f1dcc82a47450c94a4c781e Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Sat, 3 Feb 2007 05:40:06 +0000
Subject: Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML Patch By Frédéric Buclin r=bkor, a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 template/en/default/list/list.atom.tmpl | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/template/en/default/list/list.atom.tmpl b/template/en/default/list/list.atom.tmpl
index 367f2858f..837c70b9a 100644
--- a/template/en/default/list/list.atom.tmpl
+++ b/template/en/default/list/list.atom.tmpl
@@ -62,23 +62,23 @@
 FieldValue
- [% columns.opendate.title FILTER none %]
- [% bug.opendate FILTER none %]
+ [% columns.opendate.title FILTER html %]
+ [% bug.opendate FILTER html %]
- [% columns.assigned_to_realname.title FILTER none %]
- [% bug.assigned_to_realname FILTER none %]
+ [% columns.assigned_to_realname.title FILTER html %]
+ [% bug.assigned_to_realname FILTER html %]
- [% columns.priority.title FILTER none %]
- [% bug.priority FILTER none %]
+ [% columns.priority.title FILTER html %]
+ [% bug.priority FILTER html %]
- [% columns.bug_severity.title FILTER none %]
- [% bug.bug_severity FILTER none %]
+ [% columns.bug_severity.title FILTER html %]
+ [% bug.bug_severity FILTER html %]
- [% columns.bug_status.title FILTER none %]
- [% bug.bug_status FILTER none %]
+ [% columns.bug_status.title FILTER html %]
+ [% bug.bug_status FILTER html %]
- [% columns.changeddate.title FILTER none %]
- [% bug.changeddate FILTER none -%]
+ [% columns.changeddate.title FILTER html %]
+ [% bug.changeddate FILTER html -%]
 [% END %]
--
cgit v1.2.3-24-g4f1b
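Review bot: Nothing in this hunk records why the twelve cells need `FILTER html`, and the removed lines show that `FILTER none` had been written out explicitly on every one of them, so a later cleanup could plausibly put it back. A template comment above the first row would make the intent durable, for example `[%# These values end up in HTML that the feed reader renders; keep FILTER html on every cell, including fields that look user-settable such as assigned_to_realname. %]`. The hunk starts mid-template and ends at an `[% END %]` whose opening directive is outside it, so how the enclosing block escapes its contents cannot be judged from here. For the same reason, any `FILTER none` remaining elsewhere in list.atom.tmpl would need a separate check.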