Bug 1252554 - Avoid possibility of XSS in release tracking report

author Dylan Hardison <dylan@mozilla.com>

Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)

committer Dylan Hardison <dylan@mozilla.com>

Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)
author Dylan Hardison <dylan@mozilla.com>
Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)
committer Dylan Hardison <dylan@mozilla.com>
Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)
diff --git a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl

index 25188ed416f80a78d6aad70a04e9058f8a504082..79587205c10d5877a4ad261462c3871e83e6bbb1 100644 (file)
--- a/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl
+++ b/extensions/BMO/template/en/default/pages/release_tracking_report.html.tmpl
@@ -19,9 +19,9 @@
  </noscript>
  
  <script>
-var flags_data = [% flags_json FILTER none %];
-var products_data = [% products_json FILTER none %];
-var fields_data = [% fields_json FILTER none %];
+var flags_data = $.parseJSON("[% flags_json FILTER js %]");
+var products_data = $.parseJSON("[% products_json FILTER js %]");
+var fields_data = $.parseJSON("[% fields_json FILTER js %]");
  var default_query = '[% default_query FILTER js %]';
  </script>
author	Dylan Hardison <dylan@mozilla.com>
	Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)
committer	Dylan Hardison <dylan@mozilla.com>
	Tue, 8 Mar 2016 14:32:41 +0000 (09:32 -0500)