Bug 503980: show_bug.cgi doesn't properly escape <!-- inside bug summary - Patch...

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index f90e472b55fb1955f31b00240dad4fa50680e635..49954a5215601470f4e927a088d33ae9f0c2b957 100644 (file)
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -520,6 +520,7 @@ sub create {
                 $var =~ s/\n/\\n/g;
                 $var =~ s/\r/\\r/g;
                 $var =~ s/\@/\\x40/g; # anti-spam for email addresses
+                $var =~ s/</\\x3c/g;
                 return $var;
             },