Bug 1254675 - bug_modal template fails to escape format parameter

author David Lawrence <dkl@mozilla.com>

Thu, 10 Mar 2016 03:11:41 +0000 (03:11 +0000)

committer David Lawrence <dkl@mozilla.com>

Thu, 10 Mar 2016 03:11:48 +0000 (03:11 +0000)
author David Lawrence <dkl@mozilla.com>
Thu, 10 Mar 2016 03:11:41 +0000 (03:11 +0000)
committer David Lawrence <dkl@mozilla.com>
Thu, 10 Mar 2016 03:11:48 +0000 (03:11 +0000)
diff --git a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl

index 9b6e0ebd44137e01bdc0443dc7486089910a79c2..25f785a9d81058f80c6d3fae36d261a54253fd8d 100644 (file)
--- a/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl
+++ b/extensions/BugModal/template/en/default/bug_modal/edit.html.tmpl
@@ -167,7 +167,7 @@
      %]
        <div id="field-value-bug_id">
          <a id="this-bug" href="show_bug.cgi?id=[% bug.id FILTER none %]
-                [%~ '&amp;format=' _ cgi.param("format") IF cgi.param("format") %]"
+                [%~ '&amp;format=' _ cgi.param("format") FILTER uri IF cgi.param("format") %]"
          >
            [%~ terms.Bug _ " " _ bug.id FILTER none ~%]
          </a>
author	David Lawrence <dkl@mozilla.com>
	Thu, 10 Mar 2016 03:11:41 +0000 (03:11 +0000)
committer	David Lawrence <dkl@mozilla.com>
	Thu, 10 Mar 2016 03:11:48 +0000 (03:11 +0000)