From: mkanat%bugzilla.org <> Date: Sat, 3 Feb 2007 05:42:00 +0000 (+0000) Subject: Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML X-Git-Tag: bugzilla-2.20.4~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2cd9b2b1541cf14e0d16424e9966e8cb08d1822c;p=thirdparty%2Fbugzilla.git Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML Patch By Frédéric Buclin r=bkor, a=mkanat --- diff --git a/template/en/default/list/list.atom.tmpl b/template/en/default/list/list.atom.tmpl index 5e15708110..d3ce063917 100644 --- a/template/en/default/list/list.atom.tmpl +++ b/template/en/default/list/list.atom.tmpl @@ -62,23 +62,23 @@ FieldValue - [% columns.opendate.title FILTER none %] - [% bug.opendate FILTER none %] + [% columns.opendate.title FILTER html %] + [% bug.opendate FILTER html %] - [% columns.assigned_to_realname.title FILTER none %] - [% bug.assigned_to_realname FILTER none %] + [% columns.assigned_to_realname.title FILTER html %] + [% bug.assigned_to_realname FILTER html %] - [% columns.priority.title FILTER none %] - [% bug.priority FILTER none %] + [% columns.priority.title FILTER html %] + [% bug.priority FILTER html %] - [% columns.bug_severity.title FILTER none %] - [% bug.bug_severity FILTER none %] + [% columns.bug_severity.title FILTER html %] + [% bug.bug_severity FILTER html %] - [% columns.bug_status.title FILTER none %] - [% bug.bug_status FILTER none %] + [% columns.bug_status.title FILTER html %] + [% bug.bug_status FILTER html %] - [% columns.changeddate.title FILTER none %] - [% bug.changeddate FILTER none -%] + [% columns.changeddate.title FILTER html %] + [% bug.changeddate FILTER html -%] [% END %]
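Review bot: In the `@@ -62,23 +62,23 @@` hunk of `list.atom.tmpl`, only the six title/value pairs shown (opendate, assigned_to_realname, priority, bug_severity, bug_status, changeddate) move from `FILTER none` to `FILTER html`, and nothing in the patch confirms that the rest of the template is free of `FILTER none` on values a user can set. `bug.assigned_to_realname` is the clearest user-controlled value among these six, so any similar field emitted outside this hunk needs the same treatment. Please search the whole template for remaining `FILTER none` directives and either convert them or add a template comment explaining why each one is safe. The diff also touches only the template, with no test. A regression test that renders the feed with markup characters in a real name and asserts they arrive escaped would keep this from being reverted by a later template edit. Minor: the last changed line keeps the `-%]` chomp on `bug.changeddate` while the other five values end in `%]`. That matches the old line, but it is worth confirming the difference is intentional.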