Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 842063: HTML injection is possible using the bug alias

Browse Source 
r=dkl a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@264756 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
mkanat%bugzilla.org 2013-02-18 12:30:50 +00:00
parent c9f1c0d400
commit e2adc8711a
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
8583 8584

6
mozilla/webtools/bugzilla/template/en/default/bug/show-header.html.tmpl
View File

@ -13,12 +13,14 @@
# be overridden by the calling templates. # be overridden by the calling templates.
#%] #%]
[% filtered_alias = bug.alias FILTER html %]
[% filtered_desc = bug.short_desc FILTER html %] [% filtered_desc = bug.short_desc FILTER html %]
[% subheader = filtered_desc %]
[% filtered_timestamp = bug.delta_ts FILTER time %] [% filtered_timestamp = bug.delta_ts FILTER time %]
[% subheader = filtered_desc %]
[% title = "$terms.Bug $bug.bug_id – " %] [% title = "$terms.Bug $bug.bug_id – " %]
[% IF bug.alias != '' %] [% IF bug.alias != '' %]
[% title = title _ "($bug.alias) " %] [% title = title _ "($filtered_alias) " %]
[% END %] [% END %]
[% title = title _ filtered_desc %] [% title = title _ filtered_desc %]
[% yui = ['autocomplete', 'calendar'] %] [% yui = ['autocomplete', 'calendar'] %]