Bug 1252437 - XSS vulnerability through malicious bug aliases
authorDylan Hardison <dylan@mozilla.com>
Tue, 1 Mar 2016 15:25:31 +0000 (10:25 -0500)
committerDylan Hardison <dylan@mozilla.com>
Tue, 1 Mar 2016 15:25:31 +0000 (10:25 -0500)
extensions/BMO/template/en/default/hook/bug/show-header-end.html.tmpl

index c9338aaf253f1847fc2888cebfdd327b74da760b..c49d06b7399aa410ce30f9a9bf41a987a138dac1 100644 (file)
@@ -14,7 +14,8 @@
 [% END %]
 [% title = "$bug.bug_id &ndash; " %]
 [% IF bug.alias != '' %]
-  [% title = title _ "($bug.alias) " %]
+  [% filtered_alias = bug.alias FILTER html %]
+  [% title = title _ "($filtered_alias) " %]
 [% END %]
 [% title = title _ filtered_desc %]
 [% javascript = javascript _
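Review bot: The `FILTER html` added for `bug.alias` looks right for this title, but nothing in the template records why it is needed, so the next bug field interpolated into `title` can reintroduce the same problem. `title` already carries a literal `&ndash;` and a pre-filtered `filtered_desc`, which suggests the header template (outside this hunk) emits it as raw HTML. A comment above the `IF`, such as `[%# title is emitted as raw HTML: FILTER html every bug field before interpolating it %]`, would make that contract explicit. Values interpolated inside a quoted string, like `"($bug.alias) "`, receive no filter of their own, so other templates that build strings from `bug.alias` are worth checking for the same pattern. Restricting the characters accepted in an alias when it is set would add a second layer behind this output-side fix.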