Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encodi...

[r=mkanat r=dkl a=LpSolit]

diff --git a/js/field.js b/js/field.js
index 621cdf3eba99caa68a0dc602333db18ebb781a41..9d0f346ef51918cfabe677b465f8b618d7503ce6 100644 (file)
--- a/js/field.js
+++ b/js/field.js
@@ -661,6 +661,13 @@ function browserCanHideOptions(aSelect) {
 
 /* (end) option hiding code */
 
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+    return text.replace(/&/g, '&').
+                replace(/</g, '&lt;').
+                replace(/>/g, '&gt;');
+}
+
 /**
  * The Autoselect
  */
@@ -686,7 +693,7 @@ YAHOO.bugzilla.userAutocomplete = {
       return stringified;
     },
     resultListFormat : function(oResultData, enteredText, sResultMatch) {
-        return ( oResultData.real_name + " (" +  oResultData.email + ")");
+        return ( _escapeHTML(oResultData.real_name) + " (" +  _escapeHTML(oResultData.email) + ")");
     },
     debug_helper : function ( ){
         /* used to help debug any errors that might happen */