Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link...
authorDylan William Hardison <dylan@hardison.net>
Fri, 13 May 2016 17:34:19 +0000 (13:34 -0400)
committerDylan William Hardison <dylan@hardison.net>
Fri, 13 May 2016 17:34:30 +0000 (13:34 -0400)
template/en/default/global/tabs.html.tmpl

index 454066889de983defdbeac1dc6bf609fbbc23298..dc9ca4c0a6971d27445cc729f9217851a8500bb9 100644 (file)
@@ -25,7 +25,7 @@
             [% tab.label FILTER html %]</td>
         [% ELSE %]
           <td id="tab_[% tab.name FILTER html %]" class="clickable_area"
-              onClick="document.location='[% tab.link FILTER html %]'">
+              onClick="document.location='[% tab.link FILTER js FILTER html %]'">
             <a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
           </td>
         [% END %]
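Review bot: The `FILTER js FILTER html` chain on the onClick line stops `tab.link` from closing the quoted JavaScript string, but it does not constrain what the value is, so a `javascript:` URL would still be accepted by `document.location=` and by the unchanged `href="[% tab.link FILTER html %]"` on the next line. Whether an extension can pass such a value is not visible here, so it is worth confirming at the callers, or accepting only relative and http(s) links before the tab is rendered. The two-step escaping is also easy to undo by accident; a template comment above the `<td>` such as `[%# tab.link is inside a JS string inside an HTML attribute: js filter first, then html %]` would record why both filters are needed. The enclosing IF/ELSE block starts outside the hunk.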