Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encodi...

[r=mkanat r=dkl a=LpSolit]

diff --git a/js/field.js b/js/field.js
index 3d1aa429fa6a171b451d6972ab5db7aceda850e2..56084e7e172fa560dd28ffb15e32c75827adf5d3 100644 (file)
--- a/js/field.js
+++ b/js/field.js
@@ -642,6 +642,13 @@ function browserCanHideOptions(aSelect) {
 
 /* (end) option hiding code */
 
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+    return text.replace(/&/g, '&').
+                replace(/</g, '&lt;').
+                replace(/>/g, '&gt;');
+}
+
 /**
  * The Autoselect
  */
@@ -667,7 +674,7 @@ YAHOO.bugzilla.userAutocomplete = {
       return stringified;
     },
     resultListFormat : function(oResultData, enteredText, sResultMatch) {
-        return ( oResultData.real_name + " (" +  oResultData.email + ")");
+        return ( _escapeHTML(oResultData.real_name) + " (" +  _escapeHTML(oResultData.email) + ")");
     },
     debug_helper : function ( ){
         /* used to help debug any errors that might happen */