From be2d5f9288337f46255b8543e65694ad8a1afe4c Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Mon, 29 Feb 2016 08:25:31 -0500
Subject: Bug 1251731 - XSS vulnerability through malicious attachment names

---
 extensions/Splinter/template/en/default/pages/splinter.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'extensions/Splinter/template/en')

diff --git a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
index 14034a184..a6dc9114a 100644
--- a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
+++ b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
@@ -102,7 +102,7 @@
       attachment.isPatch = [% attachment.ispatch ? 1 : 0 %];
       attachment.isObsolete = [% attachment.isobsolete ? 1 : 0 %];
       attachment.isPrivate = [% attachment.isprivate ? 1 : 0 %];
-      attachment.isCRLF = [% attach_is_crlf FILTER none %];
+      attachment.isCRLF = [% attach_is_crlf ? 1 : 0 %];
       theBug.attachments.push(attachment);
     [% END %]
 
-- 
cgit v1.2.3-24-g4f1b