From: Frédéric Buclin Date: Fri, 6 Jan 2012 00:06:06 +0000 (+0100) Subject: Bug 714664: The content of the "emailregexpdesc" parameter is not escaped when displa... X-Git-Tag: bugzilla-4.0.4~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3ce8568d119f6cea9e98fa0d5140e284414497e;p=thirdparty%2Fbugzilla.git Bug 714664: The content of the "emailregexpdesc" parameter is not escaped when displayed to the user r=dkl a=LpSolit --- diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 54e05f64f1..6077bc474b 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -54,7 +54,7 @@ A legal address must contain exactly one '@', and at least one '.' after the @. [% ELSE %] - [%+ Param('emailregexpdesc') %] + [%+ Param('emailregexpdesc') FILTER html_light %] [% END %] It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace. diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 95e8fe1c91..452d99eee9 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -829,7 +829,7 @@ A legal address must contain exactly one '@', and at least one '.' after the @. [% ELSE %] - [%+ Param('emailregexpdesc') %] + [%+ Param('emailregexpdesc') FILTER html_light %] [% END %] It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace.