From 33c79b8bd53b084122b95d8863d776cc6f4a2ad7 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Tue, 1 Mar 2016 09:48:31 -0500
Subject: Bug 1252437 - XSS vulnerability through malicious bug aliases
---
 extensions/BugModal/template/en/default/bug_modal/header.html.tmpl | 3 ++-
 template/en/default/bug/show-header.html.tmpl | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
index 361b9ec9d..f70e77bb1 100644
--- a/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/header.html.tmpl
@@ -15,7 +15,8 @@ END;
 title = "$bug.bug_id - ";
 IF bug.alias;
- title = title _ "($bug.alias) ";
+ filtered_alias = bug.alias FILTER html;
+ title = title _ "($filtered_alias) ";
 END;
 unfiltered_title = title _ bug.short_desc;
 filtered_desc = bug.short_desc FILTER html;
diff --git a/template/en/default/bug/show-header.html.tmpl b/template/en/default/bug/show-header.html.tmpl
index e7d0a07fb..c8acca614 100644
--- a/template/en/default/bug/show-header.html.tmpl
+++ b/template/en/default/bug/show-header.html.tmpl
@@ -28,12 +28,14 @@
 # be overridden by the calling templates.
 #%]
 
+[% filtered_alias = bug.alias FILTER html %]
 [% filtered_desc = bug.short_desc FILTER html %]
-[% subheader = filtered_desc %]
 [% filtered_timestamp = bug.delta_ts FILTER time %]
+
+[% subheader = filtered_desc %]
 [% title = "$terms.Bug $bug.bug_id – " %]
 [% IF bug.alias != '' %]
- [% title = title _ "($bug.alias) " %]
+ [% title = title _ "($filtered_alias) " %]
 [% END %]
 [% title = title _ filtered_desc %]
 [% generate_api_token = 1 %]
-- 
cgit v1.2.3-24-g4f1b
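Review bot: After this change `unfiltered_title = title _ bug.short_desc` no longer lives up to its name: `title` now carries the HTML-escaped alias, so `unfiltered_title` is a mix of escaped alias and raw summary, and any consumer that applies `FILTER html` to it will double-escape `&`, `<` and `"` in the alias, while a consumer that emits it raw still has an unescaped summary. Where `unfiltered_title` is consumed is outside the hunk, so the impact cannot be confirmed here, but the safer shape is to keep the raw value separate: build `unfiltered_title` from `bug.alias` and `bug.short_desc` unfiltered and build the escaped `title` from `filtered_alias` and `filtered_desc` only, e.g. `unfiltered_title = "$bug.bug_id - " _ (bug.alias ? "($bug.alias) " : "") _ bug.short_desc;`. A one-line comment such as `[%# title is HTML-escaped; unfiltered_title is the raw text for non-HTML contexts %]` would also stop the next edit from reintroducing the mix. The enclosing template block starts before this hunk.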
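Review bot: The new `filtered_alias` variable is introduced right below a header comment that, as far as the visible line `# be overridden by the calling templates.` suggests, documents the variables this template exports, but that comment is not updated to mention it; add a line such as `# filtered_alias: bug.alias escaped for HTML, for use in title/subheader markup` alongside the existing entries. The move of `[% subheader = filtered_desc %]` below `filtered_timestamp` is behaviour-neutral but unrelated to the XSS fix and makes the security diff harder to audit; it would be clearer in its own commit. Any other template that still interpolates `bug.alias` directly into page markup would need the same `FILTER html` treatment — only these two files are changed here, and whether others exist cannot be confirmed from this patch.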