From 29021b187f042f023584dd3986c086ca68bef0a2 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Fri, 25 Apr 2003 03:49:27 +0000
Subject: Bug 192677: Add new test to flag failure-to-filter situations in the
 templates, and correct the XSS holes that were discovered as a result of it.
 Patch by Gervase Markham <gerv@mozilla.org> r= myk, bbaetz, justdave a=
 justdave

---
 template/en/default/global/user-error.html.tmpl | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'template/en/default/global/user-error.html.tmpl')

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index fe1d9e223..934c0511f 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -235,7 +235,7 @@
     
   [% ELSIF error == "illegal_date" %]
     [% title = "Your Query Makes No Sense" %]
-    '<tt>[% date %]</tt>' is not a legal date.
+    '<tt>[% date FILTER html %]</tt>' is not a legal date.
     
   [% ELSIF error == "illegal_email_address" %]
     [% title = "Invalid Email Address" %]
@@ -290,6 +290,11 @@
     in your browser. To help us fix this limitation, add your comments to 
     <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=70907">bug 70907</a>.
 
+  [% ELSIF error == "invalid_changedsince" %]
+    [% title = "Invalid 'Changed Since'" %]
+    The 'changed since' value, '[% changedsince FILTER html %]', must be an
+    integer >= 0.
+
   [% ELSIF error == "invalid_content_type" %]
     [% title = "Invalid Content-Type" %]
     The content type <em>[% contenttype FILTER html %]</em> is invalid.
@@ -355,7 +360,7 @@
   [% ELSIF error == "missing_email_type" %]
     [% title = "Your Query Makes No Sense" %]
     You must specify one or more fields in which to search for
-    <tt>[% email %]</tt>.
+    <tt>[% email FILTER html %]</tt>.
     
   [% ELSIF error == "missing_query" %]
     [% title = "Missing Query" %]
-- 
cgit v1.2.3-24-g4f1b