From 29021b187f042f023584dd3986c086ca68bef0a2 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Fri, 25 Apr 2003 03:49:27 +0000
Subject: Bug 192677: Add new test to flag failure-to-filter situations in the
 templates, and correct the XSS holes that were discovered as a result of it.
 Patch by Gervase Markham <gerv@mozilla.org> r= myk, bbaetz, justdave a=
 justdave

---
 template/en/default/global/message.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'template/en/default/global/message.html.tmpl')

diff --git a/template/en/default/global/message.html.tmpl b/template/en/default/global/message.html.tmpl
index f6cb321c6..58cd56908 100644
--- a/template/en/default/global/message.html.tmpl
+++ b/template/en/default/global/message.html.tmpl
@@ -34,7 +34,7 @@
 [%# Display a URL if the calling script or message block has included one. %]
 [% IF url && link %]
   <p>
-    <a href="[% url %]">[% link %]</a>
+    <a href="[% url FILTER html %]">[% link FILTER html %]</a>
   </p>
 [% END %]
 
-- 
cgit v1.2.3-24-g4f1b