From 078c49317674c5d62135deff544a0b72a4546cdf Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Mon, 24 Jan 2011 10:08:37 -0800
Subject: Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI [r=mkanat a=LpSolit]
---
 template/en/default/bug/create/create.html.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'template/en/default/bug/create/create.html.tmpl')
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index a2e7b7eae..8c717760e 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -533,7 +533,8 @@ TUI_hide_default('attachment_text_field');
 { key: "id", label: "[% field_descs.bug_id FILTER js %]",
 formatter: YAHOO.bugzilla.dupTable.formatBugLink },
 { key: "summary",
- label: "[% field_descs.short_desc FILTER js %]" },
+ label: "[% field_descs.short_desc FILTER js %]",
+ formatter: "text" },
 { key: "status",
 label: "[% field_descs.bug_status FILTER js %]",
 formatter: YAHOO.bugzilla.dupTable.formatStatus },
--
cgit v1.2.3-24-g4f1b
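Review bot: The `id` and `status` columns in the same column list still render through the custom formatters `YAHOO.bugzilla.dupTable.formatBugLink` and `YAHOO.bugzilla.dupTable.formatStatus`, whose bodies are outside this hunk, so the patch only shows the summary cell being escaped. A custom YUI DataTable formatter is responsible for its own output encoding, so it is worth confirming that both escape what they write into the cell, in particular the status and resolution strings, which presumably arrive in the same server response as the summary. I would also put a comment above the new line so the formatter is not later dropped as redundant, for example `// summary is user-supplied: "text" makes YUI HTML-escape it instead of inserting it as markup`. The column array starts and ends outside the hunk.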