From: Reed Loden
Date: Mon, 24 Jan 2011 18:06:25 +0000 (-0800)
Subject: Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encodi...
X-Git-Tag: bugzilla-4.0rc2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2bf62dadca4a4d166adfdeee16e6e59ee60e525;p=thirdparty%2Fbugzilla.git
Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encoding by YUI [r=mkanat r=dkl a=LpSolit]
---
diff --git a/js/field.js b/js/field.js
index 3d1aa429fa..56084e7e17 100644
--- a/js/field.js
+++ b/js/field.js
@@ -642,6 +642,13 @@ function browserCanHideOptions(aSelect) {
 /* (end) option hiding code */
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+ return text.replace(/&/g, '&').
+ replace(//g, '>');
+}
+
 /**
 * The Autoselect
 */
@@ -667,7 +674,7 @@ YAHOO.bugzilla.userAutocomplete = {
 return stringified;
 },
 resultListFormat : function(oResultData, enteredText, sResultMatch) {
- return ( oResultData.real_name + " (" + oResultData.email + ")");
+ return ( _escapeHTML(oResultData.real_name) + " (" + _escapeHTML(oResultData.email) + ")");
 },
 debug_helper : function ( ){ /* used to help debug any errors that might happen */
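Review bot: `_escapeHTML` in the first hunk escapes `&`, `<` and `>` only (the chain as rendered here, `replace(//g, '>')`, looks like extraction damage to the intended `<`/`>` replacements rather than the committed code), so the helper is only safe where its output lands in element text, not inside an attribute value. Since `resultListFormat` builds HTML from user-controlled real_name and email, I would extend the chain with `.replace(/"/g, '&quot;')` and `.replace(/'/g, '&#39;')` so a later caller that drops the result into an attribute does not reintroduce the issue. A header comment stating that contract would help, e.g. `// Escapes &, <, >, " and ' so text can be embedded in HTML element text or attribute values; text must be a string.` If real_name can ever be null or undefined for a user, `text.replace` throws, and coercing with `String(text)` first avoids that. The second hunk, which ends outside this chunk, is the only caller visible here.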