From: Frédéric Buclin Date: Thu, 9 Jan 2014 16:49:42 +0000 (+0100) Subject: Bug 957826: XSS in the comment tag field X-Git-Tag: bugzilla-4.5.2~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e117d6b88aec9301c04600842c515053f4b74a2a;p=thirdparty%2Fbugzilla.git Bug 957826: XSS in the comment tag field r=glob a=justdave
---
diff --git a/js/comment-tagging.js b/js/comment-tagging.js
index b700fe11dd..035d05b0b7 100644
--- a/js/comment-tagging.js
+++ b/js/comment-tagging.js
@@ -197,7 +197,7 @@ YAHOO.bugzilla.commentTagging = {
 YAHOO.util.Event.stopEvent(evt);
 }, tag);
 li.appendChild(document.createTextNode(' (' + this.nos_by_tag[tag].length + ')'));
- a.innerHTML = tag;
+ a.innerHTML = YAHOO.lang.escapeHTML(tag);
 }
 while (container.hasChildNodes()) {
 container.removeChild(container.lastChild);
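Review bot: The new `a.innerHTML = YAHOO.lang.escapeHTML(tag);` line still sends the tag name through the HTML parser, so its safety rests on the escaper and on `YAHOO.lang.escapeHTML` existing in the YUI build this page loads (worth confirming). Since only plain text is being set, a text node avoids the sink altogether: `a.appendChild(document.createTextNode(tag));`, which matches how the count is appended to `li` on the line above. The enclosing function starts and ends outside the hunk, so whether `a` is empty at this point cannot be confirmed from here. It is also worth checking whether other places in this file write tag names through `innerHTML`, and adding a short comment such as `// tag is user-supplied; never assign it as markup` so the constraint survives later edits.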