From f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Wed, 28 Dec 2011 17:10:39 -0500
Subject: Bug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts
 or tabular and graphical reports in debug mode r=gerv, a=LpSolit

---
 report.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'report.cgi')

diff --git a/report.cgi b/report.cgi
index 20e899a6b..209ef0faf 100755
--- a/report.cgi
+++ b/report.cgi
@@ -288,9 +288,9 @@ print $cgi->header(-type => $format->{'ctype'},
 if ($cgi->param('debug')) {
     require Data::Dumper;
     say "<pre>data hash:";
-    say Data::Dumper::Dumper(%data);
+    say html_quote(Data::Dumper::Dumper(%data));
     say "\ndata array:";
-    say Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
+    say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
 }
 
 # All formats point to the same section of the documentation.
-- 
cgit v1.2.3-24-g4f1b