From: Dylan William Hardison <dylan@hardison.net>
Date: Fri, 13 May 2016 17:34:19 +0000 (-0400)
Subject: Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link... 
X-Git-Tag: release-5.0.3~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a59f1e99c2285b2802a3da45658095b121d0f5cb;p=thirdparty%2Fbugzilla.git

Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
---

diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 9cf5a897ba..5116404775 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
             [% tab.label FILTER html %]</td>
         [% ELSE %]
           <td id="tab_[% tab.name FILTER html %]" class="clickable_area"
-              onClick="document.location='[% tab.link FILTER html %]'">
+              onClick="document.location='[% tab.link FILTER js FILTER html %]'">
             <a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
           </td>
         [% END %]