From 27daf484e99ea638f10beec81f41a2bcb412fd4d Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Tue, 15 Mar 2016 17:07:20 +0100 Subject: Bug 1253267: DOT injection vulnerability in dependency graphs when long bug summaries are wrapped r=dkl --- showdependencygraph.cgi | 3 +++ 1 file changed, 3 insertions(+) diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index e692167de..196d8f84e 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -199,6 +199,9 @@ foreach my $k (@bug_ids) { utf8::encode($summary) if utf8::is_utf8($summary); $summary = wrap_comment($summary); $summary =~ s/([\\\"])/\\$1/g; + # Newlines must be escaped too, to not break the .map file + # and to prevent code injection. + $summary =~ s/\n/\\n/g; push(@params, qq{label="$k\\n$summary"}); } -- cgit v1.2.3-24-g4f1b