From c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Mon, 24 Jan 2011 10:05:09 -0800
Subject: Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encoding by YUI [r=mkanat r=dkl a=LpSolit]
---
 js/field.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'js')
diff --git a/js/field.js b/js/field.js
index 621cdf3eb..9d0f346ef 100644
--- a/js/field.js
+++ b/js/field.js
@@ -661,6 +661,13 @@ function browserCanHideOptions(aSelect) {
 /* (end) option hiding code */
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+ return text.replace(/&/g, '&').
+ replace(//g, '>');
+}
+
 /**
 * The Autoselect
 */
@@ -686,7 +693,7 @@ YAHOO.bugzilla.userAutocomplete = {
 return stringified;
 },
 resultListFormat : function(oResultData, enteredText, sResultMatch) {
- return ( oResultData.real_name + " (" + oResultData.email + ")");
+ return ( _escapeHTML(oResultData.real_name) + " (" + _escapeHTML(oResultData.email) + ")");
 },
 debug_helper : function ( ){ /* used to help debug any errors that might happen */
--
cgit v1.2.3-24-g4f1b
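Review bot: `_escapeHTML` escapes only `&`, `<` and `>` (the entity text appears mangled in this rendering, so that is inferred from the three `replace` calls), which is sufficient for the text-node context `resultListFormat` uses it in but not for attribute values, and the header comment advertises it as a general sanitizer. Either document the limit, `// Escapes text for insertion as HTML element content only; NOT safe for attribute values (quotes are not escaped)`, or escape quotes as well, `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')`, so a later caller cannot reuse it unsafely. Separately, `text.replace(...)` throws a TypeError if `real_name` or `email` is null or undefined, which would abort rendering of the whole result list; guarding with `return String(text == null ? '' : text).replace(...)` keeps the escaping and degrades to an empty string instead. The enclosing `YAHOO.bugzilla.userAutocomplete` object literal starts and ends outside the second hunk.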