From: David Lawrence Date: Tue, 10 May 2016 13:52:59 +0000 (+0000) Subject: Bug 1271635 - XSS when viewing image attachments X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a48e0211dec6ec2d5a73ad1982682b744fb3474;p=thirdparty%2Fbugzilla.git Bug 1271635 - XSS when viewing image attachments
---
diff --git a/extensions/BugModal/web/bug_modal.js b/extensions/BugModal/web/bug_modal.js
index 2d7bb4764..e0ef40a13 100644
--- a/extensions/BugModal/web/bug_modal.js
+++ b/extensions/BugModal/web/bug_modal.js
@@ -1373,7 +1373,7 @@ function lb_show(el) {
 .addClass('minor')
 .text('Close')
 .appendTo(overlay2);
- title.append(el.title);
+ title.text(el.title);
 overlay.add(overlay2).click(lb_close);
 img.add(overlay).animate({ opacity: 1 }, 200);
 }
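Review bot: The new `title.text(el.title);` line has no comment recording why `.text()` is required, so a later cleanup could switch it back to `.append()`, which parses a string argument as HTML. I would add `// el.title is presumably user-supplied attachment text: .text() inserts it as a text node, .append() would parse it as markup` directly above it. lb_show starts before this hunk, so any other place where a property of `el` reaches the DOM cannot be checked from here and deserves the same look. A regression test that opens the lightbox on an attachment whose title contains markup and asserts it is rendered literally would keep the fix from silently regressing.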