From e117d6b88aec9301c04600842c515053f4b74a2a Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 9 Jan 2014 17:49:42 +0100
Subject: Bug 957826: XSS in the comment tag field r=glob a=justdave
---
 js/comment-tagging.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'js')
diff --git a/js/comment-tagging.js b/js/comment-tagging.js
index b700fe11d..035d05b0b 100644
--- a/js/comment-tagging.js
+++ b/js/comment-tagging.js
@@ -197,7 +197,7 @@ YAHOO.bugzilla.commentTagging = {
 YAHOO.util.Event.stopEvent(evt);
 }, tag);
 li.appendChild(document.createTextNode(' (' + this.nos_by_tag[tag].length + ')'));
- a.innerHTML = tag;
+ a.innerHTML = YAHOO.lang.escapeHTML(tag);
 }
 while (container.hasChildNodes()) {
 container.removeChild(container.lastChild);
-- cgit v1.2.3-24-g4f1b
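Review bot: The new line `a.innerHTML = YAHOO.lang.escapeHTML(tag);` still sends the user-supplied tag through an HTML parser, so safety rests on the escaper covering every character that matters in this context. The line just above already builds the count with `document.createTextNode`, so the tag could be written the same way, `a.appendChild(document.createTextNode(tag));`, which never parses it as markup. That swap assumes `a` is a freshly created, empty element, since `innerHTML` replaces children while `appendChild` adds to them; `a` is created outside this hunk, so this should be confirmed. The enclosing function starts and ends outside the hunk, so any other place where `tag` is rendered into the DOM is not visible here and is worth checking for the same pattern.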