From 54f8e937861494f938ab7b2c8d45b88cc998d75e Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Fri, 13 May 2016 13:34:19 -0400
Subject: Bug 1250114 - XSS possible in extensions calling
 global/tabs.html.tmpl if tab.link is user-controlled

---
 template/en/default/global/tabs.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'template')

diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 9cf5a897b..511640477 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
             [% tab.label FILTER html %]</td>
         [% ELSE %]
           <td id="tab_[% tab.name FILTER html %]" class="clickable_area"
-              onClick="document.location='[% tab.link FILTER html %]'">
+              onClick="document.location='[% tab.link FILTER js FILTER html %]'">
             <a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
           </td>
         [% END %]
-- 
cgit v1.2.3-24-g4f1b