From e9b54b1353f5f51c6300d6552c880de0d26863f3 Mon Sep 17 00:00:00 2001 From: Dylan Hardison Date: Mon, 29 Feb 2016 08:23:34 -0500 Subject: Bug 1251647 - XSS vulnerability in the remo-form-payment page --- .../en/default/pages/remo-form-payment.html.tmpl | 111 +-------------------- extensions/REMO/web/js/payment.js | 85 ++++++++++++++++ 2 files changed, 89 insertions(+), 107 deletions(-) create mode 100644 extensions/REMO/web/js/payment.js diff --git a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl index 3994e13fd..a37df1f89 100644 --- a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl +++ b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl @@ -25,114 +25,13 @@ generate_api_token = 1 style_urls = [ 'extensions/REMO/web/styles/moz_reps.css' ] javascript_urls = [ 'extensions/REMO/web/js/form_validate.js', + 'extensions/REMO/web/js/payment.js', 'js/util.js', 'js/field.js' ] yui = ['connection', 'json'] %] - +

Mozilla Reps - Payment Form

@@ -175,8 +74,7 @@ function getBugInfo (e, div) { Budget request [% terms.bug %]: * - + @@ -189,8 +87,7 @@ function getBugInfo (e, div) { Have you already received payment for this event? - +