From: Kohei Yoshino <kohei.yoshino@gmail.com>
Date: Sun, 14 Apr 2019 22:30:57 +0000 (-0400)
Subject: Bug 1544304 - Wrong escaping of quotes in attachment titles.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=65ddd116daf2d6f30a342fcca0419f5bd761235d;p=thirdparty%2Fbugzilla.git

Bug 1544304 - Wrong escaping of quotes in attachment titles.
---

diff --git a/extensions/BugModal/web/comments.js b/extensions/BugModal/web/comments.js
index ed9c91bf7..39607fbf1 100644
--- a/extensions/BugModal/web/comments.js
+++ b/extensions/BugModal/web/comments.js
@@ -569,7 +569,7 @@ Bugzilla.BugModal.Comments = class Comments {
     // Show image smaller than 2 MB
     if (type.match(/^image\/(?!vnd).+$/) && size < max_size) {
       $att.insertAdjacentHTML('beforeend', `
-        <a href="${link}" class="outer lightbox"><img src="${link}" alt="${name}" itemprop="image"></a>`);
+        <a href="${link}" class="outer lightbox"><img src="${link}" alt="${name.htmlEncode()}" itemprop="image"></a>`);
 
       // Add lightbox support
       $att.querySelector('.outer.lightbox').addEventListener('click', event => {
@@ -610,7 +610,7 @@ Bugzilla.BugModal.Comments = class Comments {
         const lang = is_patch ? 'diff' : type.match(/\w+$/)[0];
 
         $att.insertAdjacentHTML('beforeend', `
-          <button type="button" role="link" title="${name}" class="outer">
+          <button type="button" role="link" title="${name.htmlEncode()}" class="outer">
           <pre class="language-${lang}" role="img" itemprop="text">${text.htmlEncode()}</pre></button>`);
 
         // Make the button work as a link. It cannot be `<a>` because Prism Autolinker plugin may add links to `<pre>`
diff --git a/extensions/FlagTypeComment/web/js/ftc.js b/extensions/FlagTypeComment/web/js/ftc.js
index a6736707c..1b8b754d2 100644
--- a/extensions/FlagTypeComment/web/js/ftc.js
+++ b/extensions/FlagTypeComment/web/js/ftc.js
@@ -198,12 +198,15 @@ Bugzilla.FlagTypeComment = class FlagTypeComment {
             (att.is_patch || this.extra_patch_types.includes(att.content_type)));
 
           if (others.length) {
-            $fieldset.querySelector('tbody').insertAdjacentHTML('beforeend',
-              '<tr class="other-patches"><th>Do you want to request approval of these patches as well?</th><td>' +
-              `${others.map(patch =>
-                `<div><label><input type="checkbox" checked data-id="${patch.id}"> ${patch.summary}</label></div>`
-              ).join('')}` +
-              '</td></tr>');
+            $fieldset.querySelector('tbody').insertAdjacentHTML('beforeend', `
+              <tr class="other-patches"><th>Do you want to request approval of these patches as well?</th><td>
+              ${others.map(patch => `
+                <div>
+                  <label><input type="checkbox" checked data-id="${patch.id}"> ${patch.summary.htmlEncode()}</label>
+                </div>
+              `).join('')}
+              </td></tr>
+            `);
           }
         });
       }