From 9244270a7d1ca49e315a98c24d51bf405bfa2880 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 24 Jan 2011 19:29:39 +0100
Subject: Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow
 clicking for javascript: or data: URLs in the URL field can be evaded with
 prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit
---
 template/en/default/bug/show-multiple.html.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'template/en/default/bug/show-multiple.html.tmpl')

diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index 56f732667..33dde14a3 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -163,11 +163,11 @@
       <tr>
         <th>[% field_descs.bug_file_loc FILTER html %]:</th>
         <td colspan="3">
-          [% IF bug.bug_file_loc.match("^(javascript|data)") %]
-            [% bug.bug_file_loc FILTER html %]
-          [% ELSE %]
+          [% IF is_safe_url(bug.bug_file_loc) %]
             <a href="[% bug.bug_file_loc FILTER html %]">
                      [% bug.bug_file_loc FILTER html %]</a>
+          [% ELSE %]
+            [% bug.bug_file_loc FILTER html %]
           [% END %]
         </td>
       </tr>
-- 
cgit v1.2.3-24-g4f1b