Bug 957826: XSS in the comment tag field

author Frédéric Buclin <LpSolit@gmail.com>

Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)
diff --git a/js/comment-tagging.js b/js/comment-tagging.js

index b700fe11dd16eaf70fd952ec5d6c5d3371eea8ce..035d05b0b73e996e291f39a5a7271191b4b31ee0 100644 (file)
--- a/js/comment-tagging.js
+++ b/js/comment-tagging.js
@@ -197,7 +197,7 @@ YAHOO.bugzilla.commentTagging = {
                      YAHOO.util.Event.stopEvent(evt);
                  }, tag);
                  li.appendChild(document.createTextNode(' (' + this.nos_by_tag[tag].length + ')'));
-                a.innerHTML = tag;
+                a.innerHTML = YAHOO.lang.escapeHTML(tag);
              }
              while (container.hasChildNodes()) {
                  container.removeChild(container.lastChild);
author	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 9 Jan 2014 16:49:42 +0000 (17:49 +0100)