From 02aa6ce0a7cd9ef14079a5ee22c175ff9d16ed58 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 8 Mar 2016 14:26:33 +0000
Subject: Bug 1252445 - Tracking flags configuration is vulnerable to CSRF and
 causes persistent XSS

---
 .../template/en/default/hook/bug/create/create-form.html.tmpl          | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl')

diff --git a/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl b/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
index 53f80a885..a29357b11 100644
--- a/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
+++ b/extensions/TrackingFlags/template/en/default/hook/bug/create/create-form.html.tmpl
@@ -30,7 +30,8 @@
 
 <script type="text/javascript">
   $(function() {
-    var tracking_flag_components = [% tracking_flag_components FILTER none %];
+    var tracking_flag_components_str = "[% tracking_flag_components FILTER js %]";
+    var tracking_flag_components = $.parseJSON(tracking_flag_components_str);
     var highest_status_firefox = '[% highest_status_firefox FILTER js %]';
 
     $('#component')
-- 
cgit v1.2.3-24-g4f1b