From 26db658179ff62a735c6b45767008603914c63ed Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Mon, 5 Jan 2015 12:50:21 +0100
Subject: Bug 1113630: Set window.opener to null for the URL field to prevent interaction between a remote script and the bug report r=gerv a=glob
---
template/en/default/bug/edit.html.tmpl | 5 +++--
template/en/default/bug/show-multiple.html.tmpl | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'template/en/default/bug')
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index e27f47263..441c3ecac 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -492,7 +492,7 @@ [% IF is_safe_url(bug.bug_file_loc) %] + rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]"> [% bug.bug_file_loc FILTER truncate(40) FILTER html %] [% ELSE %] [% bug.bug_file_loc FILTER html %]
@@ -503,7 +503,8 @@ [% url_output = INCLUDE input no_td=1 inputname => "bug_file_loc" size => "40" colspan => 2 %] [% IF NOT bug.check_can_change_field("bug_file_loc", 0, 1) AND is_safe_url(bug.bug_file_loc) %] - [% url_output FILTER none %] + [% url_output FILTER none %] [% ELSE %] [% url_output FILTER none %] [% END %]
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index d3065abda..99dd53215 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -148,7 +148,7 @@ [% field_descs.bug_file_loc FILTER html %]: [% IF is_safe_url(bug.bug_file_loc) %] - + [% bug.bug_file_loc FILTER html %] [% ELSE %] [% bug.bug_file_loc FILTER html %]
-- cgit v1.2.3-24-g4f1b
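Review bot: The added `rel="noreferrer"` on the URL-field link in the first edit.html.tmpl hunk clears window.opener only as a side effect of a link type whose stated purpose is to suppress the Referer header, so the protection is implicit and depends on the browser honouring that behaviour. I would write `rel="noopener noreferrer"` so the intent named in the commit subject is explicit in the markup, and add a short template comment next to the link such as `[%# rel severs window.opener so the linked page cannot script this bug report %]`. The same point presumably applies to the anchors changed in the second edit.html.tmpl hunk and in show-multiple.html.tmpl, whose added attributes are not visible here because the HTML tags were stripped from this rendering. The `<a>` elements themselves begin outside the visible hunk lines, so whether they also set `target` cannot be confirmed from this page.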