From fc43974e16275e2e85ab88dbb63a3e5c0fd6a08e Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@mozilla.com>
Date: Tue, 16 Dec 2014 12:24:08 +0800
Subject: Bug 1111862: HTML code injection in review history page

---
 extensions/Review/web/js/review_history.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'extensions/Review/web')

diff --git a/extensions/Review/web/js/review_history.js b/extensions/Review/web/js/review_history.js
index ea35edf26..4e31d2f73 100644
--- a/extensions/Review/web/js/review_history.js
+++ b/extensions/Review/web/js/review_history.js
@@ -87,9 +87,9 @@
         historyTable = new Y.DataTable({
             columns: [
                 { key: 'creation_time', label: 'Created', sortable: true, formatter: format_date },
-                { key: 'attachment', label: 'Attachment', formatter: format_attachment, allowHTML: true },
+                { key: 'attachment', label: 'Attachment', formatter: format_attachment },
                 { key: 'setter', label: 'Requester', formatter: format_setter },
-                { key: "action", label: "Action", sortable: true, allowHTML: true, formatter: format_action },
+                { key: "action", label: "Action", sortable: true,  formatter: format_action },
                 { key: "duration", label: "Duration", sortable: true, formatter: format_duration },
                 { key: "bug_id", label: "Bug", sortable: true, allowHTML: true,
                   formatter: '<a href="show_bug.cgi?id={value}" target="_blank">{value}</a>' },
-- 
cgit v1.2.3-24-g4f1b