From 74f713457a1d50b39a564cb0a647b2d937473e24 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 10 Jan 2012 00:53:33 +0100
Subject: Bug 716283: Clickjacking in the attachment "Details" page allows to
bypass token checks r=dkl a=LpSolit
---
template/en/default/attachment/edit.html.tmpl | 10 ++++++++++
template/en/default/global/textarea.html.tmpl | 3 +++
2 files changed, 13 insertions(+)
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index fbe3a9c79..95ad4d335 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -197,6 +197,16 @@
[% END %]
+ [% ELSIF attachment.contenttype == "text/html" %]
+ [%# For security reasons (clickjacking, embedded scripts), we never
+ # render HTML pages from here. The source code is displayed instead. %]
+ [% INCLUDE global/textarea.html.tmpl
+ id = 'viewFrame'
+ minrows = 10
+ cols = 80
+ defaultcontent = attachment.data
+ readonly = 'readonly'
+ %]
[% ELSE %]