From 4d956493207d37a7d9a24d398d86a8cf1ce86c2d Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Tue, 1 Mar 2016 08:14:24 -0500
Subject: Bug 1252219 - Attachment bounty form is vulnerable to CSRF and persistent XSS
---
.../en/default/pages/attachment_bounty_form.html.tmpl | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
(limited to 'extensions/BMO/template/en')
diff --git a/extensions/BMO/template/en/default/pages/attachment_bounty_form.html.tmpl b/extensions/BMO/template/en/default/pages/attachment_bounty_form.html.tmpl
index e458d0111..9b6901330 100644
--- a/extensions/BMO/template/en/default/pages/attachment_bounty_form.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/attachment_bounty_form.html.tmpl
@@ -133,8 +133,9 @@ function validateAndSubmit() {
- + +
@@ -144,17 +145,17 @@ function validateAndSubmit() {
+ value="[% form.reporter_email FILTER html %]">
- +
-
- +
- +
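Review bot: Nothing in the template records why `value="[% form.reporter_email FILTER html %]"` needs its filter, so a later edit to these inputs could drop it again without anyone noticing; the escaping itself is the right one for a double-quoted attribute. A short Template Toolkit comment above the inputs, for example `[%# form.* values come from stored attachment data; every interpolation must keep FILTER html %]`, would make the requirement explicit, though the "stored" part is inferred from the commit subject and should be confirmed. It is also worth confirming that no `form.*` value is interpolated inside the `validateAndSubmit()` script block named in the hunk header, where `FILTER js` rather than `FILTER html` would be the appropriate escape. Most changed lines in this hunk did not survive extraction, so only the reporter_email line could be checked.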
-- cgit v1.2.3-24-g4f1b