From 3a3636a8e51513cda6979bf13c02f573d1e9737f Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Tue, 13 Nov 2012 18:56:26 +0100 Subject: Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports r=dkl a=LpSolit --- template/en/default/reports/report-table.html.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'template') diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl index 8a3ab9524..b41753550 100644 --- a/template/en/default/reports/report-table.html.tmpl +++ b/template/en/default/reports/report-table.html.tmpl @@ -102,7 +102,7 @@ YAHOO.util.Event.addListener(window, "load", function() { var myColumnDefs = [ {key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }}, [% FOREACH col = col_names %] - {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true, + {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true, formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }}, [% END %] {key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal, -- cgit v1.2.3-24-g4f1b