From b1ef63e5bfc0d3995245b42154686db1400b2c22 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 15 Oct 2006 03:26:50 +0000 Subject: Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin r=justdave a=justdave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/reports/components.html.tmpl | 4 ++-- template/en/default/reports/keywords.html.tmpl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'template/en/default/reports') diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl index 1e9065a78..d135a7ef8 100644 --- a/template/en/default/reports/components.html.tmpl +++ b/template/en/default/reports/components.html.tmpl @@ -36,7 +36,7 @@ [% END %]

- [% product.description FILTER none %] + [% product.description FILTER html_light %]

@@ -87,7 +87,7 @@ [% END %] diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl index 979c50163..1a0ae0bf5 100644 --- a/template/en/default/reports/keywords.html.tmpl +++ b/template/en/default/reports/keywords.html.tmpl @@ -24,7 +24,7 @@ # keywords: array keyword objects. May be empty. Each has has four members: # id: id of the keyword # name: the name of the keyword - # description: keyword description. May be HTML. + # description: keyword description. Can contain some limited HTML code. # bug_count: number of bugs with that keyword # caneditkeywords: boolean. True if this user can edit keywords %] @@ -55,7 +55,7 @@ [% keyword.name FILTER html %] - +
- [% comp.description FILTER none %] + [% comp.description FILTER html_light %]
[% keyword.description %][% keyword.description FILTER html_light %] [% IF keyword.bug_count > 0 %] -- cgit v1.2.3-24-g4f1b