From d1b9fdeefdef639786fb9a989250ec694615fc70 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Mon, 24 Jan 2011 10:09:19 -0800
Subject: [PATCH] Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI [r=mkanat a=LpSolit]
---
 template/en/default/bug/create/create.html.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index d81523742a..57a267753c 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -530,7 +530,8 @@ TUI_hide_default('expert_fields');
 { key: "id", label: "[% field_descs.bug_id FILTER js %]", formatter: YAHOO.bugzilla.dupTable.formatBugLink }, { key: "summary",
- label: "[% field_descs.short_desc FILTER js %]" },
+ label: "[% field_descs.short_desc FILTER js %]",
+ formatter: "text" },
 { key: "status", label: "[% field_descs.bug_status FILTER js %]", formatter: YAHOO.bugzilla.dupTable.formatStatus },
-- 
2.47.2
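Review bot: The added `formatter: "text"` on the `summary` column is the entire fix, yet nothing in the template records why it is there, so a later tidy-up could drop it or a new column could be added without an escaping formatter. I would put a comment directly above it, for example `// "text" HTML-escapes the cell; without a formatter YUI writes the value as markup (CVE-2010-4570)`. The `id` and `status` columns use `YAHOO.bugzilla.dupTable.formatBugLink` and `formatStatus`, which are defined outside this hunk, so it is worth confirming that they also escape whatever server-supplied data they write into the cell. The column array itself starts and ends outside the hunk, so any further columns could not be checked here.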