From fe259aba572e08df22557251ca9279f512f6862c Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Wed, 4 Apr 2018 18:21:33 +0100 Subject: Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF Tokens The data-no-csrf attribute is used to signify that a form is 'safe' (ie doesn't actually make any permanent changes) and so doesn't need an anti-csrf token. --- template/en/default/search/search-advanced.html.tmpl | 2 +- template/en/default/search/search-google.html.tmpl | 2 +- template/en/default/search/search-specific.html.tmpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'template/en/default/search') diff --git a/template/en/default/search/search-advanced.html.tmpl b/template/en/default/search/search-advanced.html.tmpl index 60f47a916..b51906774 100644 --- a/template/en/default/search/search-advanced.html.tmpl +++ b/template/en/default/search/search-advanced.html.tmpl @@ -60,7 +60,7 @@ function remove_token() {

Hover your mouse over each field label to get help for that field.

+ onsubmit="remove_token()" data-no-csrf> [% PROCESS search/form.html.tmpl %] diff --git a/template/en/default/search/search-google.html.tmpl b/template/en/default/search/search-google.html.tmpl index ad45cce94..7fdc1daaa 100644 --- a/template/en/default/search/search-google.html.tmpl +++ b/template/en/default/search/search-google.html.tmpl @@ -31,7 +31,7 @@ Google only indexes publicly viewable [% terms.bugs %] and all may not be represented.

- + diff --git a/template/en/default/search/search-specific.html.tmpl b/template/en/default/search/search-specific.html.tmpl index 3b4cc3514..be314101f 100644 --- a/template/en/default/search/search-specific.html.tmpl +++ b/template/en/default/search/search-specific.html.tmpl @@ -39,7 +39,7 @@ For example, if the [% terms.bug %] you are looking for is a browser crash when for "crash secure SSL flash".

- + -- cgit v1.2.3-24-g4f1b
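Review bot: The bare data-no-csrf marker on the added form line in search-advanced.html.tmpl (`onsubmit="remove_token()" data-no-csrf>`) has no template comment saying what consumes it or when it may be used, so a later editor could copy it onto a form that does change state and silence the scan there. Suggest a short `[%# ... %]` comment beside the form tag stating that the attribute exists only for the Baseline scan and is limited to forms that make no permanent changes, as the commit message describes. The same line still calls remove_token() on submit, so the commit message should also say whether this form ever carries a token, since that decides whether "doesn't need an anti-csrf token" holds for it.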