From 3368986490028be41351d4329fb4976df2eb75e1 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 23 Mar 2016 10:27:37 +0100 Subject: Bug 1254226: XSS through javascript: callback URLs in auth delegation r=dylan --- template/en/default/global/user-error.html.tmpl | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'template/en/default') diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 998aed4fe..8c0cc8b7a 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -122,6 +122,11 @@ This site does not have auth delegation enabled. Please contact an administrator if you require this functionality. + [% ELSIF error == "auth_delegation_illegal_protocol" %] + [% title = "Invalid Protocol" %] + The callback URI uses an illegal protocol: [% protocol FILTER html %]. + Only http and https are allowed. + [% ELSIF error == "auth_delegation_missing_callback" %] [% title = "Auth delegation impossible without callback URI" %] It looks like auth delegation was attempted, but no callback URI was passed. -- cgit v1.2.3-24-g4f1b
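Review bot: The sentence `Only http and https are allowed.` in the new `auth_delegation_illegal_protocol` branch states an allowlist that this template cannot enforce, and the code that raises the error is not part of this view (the page is limited to template/en/default). It is worth confirming that the check compares the parsed scheme of the callback URI, case-insensitively, against exactly `http` and `https` rather than rejecting `javascript:` alone, so that the message and the behaviour agree. A short template comment would tie the two together, for example `[%# Raised by the callback scheme check; keep the listed schemes in sync with it. %]` placed above the `[% title = "Invalid Protocol" %]` line. The `FILTER html` on `protocol` needs to stay, since that value is presumably taken from the caller-supplied callback URI and is echoed into the error page. The surrounding IF/ELSIF chain begins and ends outside the hunk.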