From a4c4cbada652d6106aa87d2a08d29fce580449e9 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Tue, 5 Nov 2013 15:55:52 +0800
Subject: Bug 934543: persistent xss on page https://bugzilla.mozilla.org/user_profile
---
 .../UserProfile/template/en/default/pages/user_profile.html.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'extensions/UserProfile/template/en/default/pages')
diff --git a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
index 71442b822..f1107bd6a 100644
--- a/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
+++ b/extensions/UserProfile/template/en/default/pages/user_profile.html.tmpl
@@ -8,8 +8,9 @@
 [% PROCESS global/variables.none.tmpl %]
+[% filtered_identity = target.identity FILTER html %]
 [% PROCESS global/header.html.tmpl
- title = "User Profile: " _ target.identity
+ title = "User Profile: $filtered_identity"
 style_urls = [ "extensions/UserProfile/web/styles/user_profile.css" ]
 yui = [ 'autocomplete' ]
 javascript_urls = [ "js/field.js" ]
-- 
cgit v1.2.3-24-g4f1b
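Review bot: Nothing in the template records why `target.identity` is escaped in a separate assignment before the `PROCESS global/header.html.tmpl` call, so a later cleanup could inline it back into `title` and reintroduce the stored XSS. The fix implies that the header template emits `title` without escaping, which is not visible from this hunk; a comment above the new line such as `[%# Bug 934543: identity is user-controlled and title appears to be emitted unescaped by the header, so HTML-filter it here %]` would pin that. The hunk covers only the header call, so any other place in this template that outputs `target.identity` or other profile fields should be checked for `FILTER html` as well. A template test that renders a profile whose name contains markup and asserts it appears escaped in the page title would catch a regression. The `PROCESS` directive continues past the end of the hunk.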