From 7f3cc6428c61dde8afbbe4ba6f7a50728af2449a Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Tue, 12 May 2015 11:20:37 +0800
Subject: Bug 1163393: XSS in the new jQuery autocomplete code r=dkl,a=glob

---
 js/field.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'js')

diff --git a/js/field.js b/js/field.js
index f55852671..5a48db471 100644
--- a/js/field.js
+++ b/js/field.js
@@ -844,8 +844,12 @@ $(function() {
             };
         },
         formatResult: function(suggestion, currentValue) {
-            return suggestion.data.name === '' ?
-                suggestion.data.login : suggestion.data.name + ' (' + suggestion.data.login + ')';
+            return (suggestion.data.name === '' ?
+                suggestion.data.login : suggestion.data.name + ' (' + suggestion.data.login + ')')
+                .replace(/&/g, '&amp;')
+                .replace(/</g, '&lt;')
+                .replace(/>/g, '&gt;')
+                .replace(/"/g, '&quot;');
         },
         onSearchStart: function(params) {
             var that = $(this);
-- 
cgit v1.2.3-24-g4f1b