Bug 728892: The attachment "Details" page is still vulnerable to Clickjacking with SVG or XHTML attachments

r/a=justdave git-svn-id: svn://10.0.0.236/trunk@265284 18797224-902f-48f8-a5cc-f745e15eee43
2014-03-12 19:00:52 +00:00 · 2014-03-12 19:00:52 +00:00 · 2c91703716
commit 2c91703716
parent 8c36f79194
4 changed files with 4 additions and 4 deletions
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@ -1 +1 @@
-8957
+8958
--- a/mozilla/webtools/bugzilla/.gitrev
+++ b/mozilla/webtools/bugzilla/.gitrev
@ -1 +1 @@
-d51abfd7e3e1fcc3eea37e72ab0f49f3e28950a2
+ca7b39aa66be9b4deea1ead8e6a788025759b80d
--- a/mozilla/webtools/bugzilla/template/en/default/attachment/edit.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/attachment/edit.html.tmpl
@ -197,7 +197,7 @@
                 readonly = 'readonly'
              %]
            [% ELSE %]
-              <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
+              <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]" sandbox>
                <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
                <a href="attachment.cgi?id=[% attachment.id %]">View the attachment on a separate page</a>.</b>
              </iframe>
--- a/mozilla/webtools/bugzilla/template/en/default/attachment/show-multiple.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/attachment/show-multiple.html.tmpl
@ -78,7 +78,7 @@
         classes = 'viewall_frame'
      %]
    [% ELSE %]
-      <iframe src="attachment.cgi?id=[% a.id %]" class="viewall_frame">
+      <iframe src="attachment.cgi?id=[% a.id %]" class="viewall_frame" sandbox>
        <b>You cannot view the attachment on this page because your browser does not support IFRAMEs.
        <a href="attachment.cgi?id=[% a.id %]">View the attachment on a separate page</a>.</b>
      </iframe>