[bugzilla-gnome-org-upstream/4.4] Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlle
- From: Andrea Veri <av src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [bugzilla-gnome-org-upstream/4.4] Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlle
- Date: Wed, 18 May 2016 11:57:39 +0000 (UTC)
commit 01ad7ac3e1da1a3d7d7acc470a38d2dd57b4f6a4
Author: Dylan William Hardison <dylan hardison net>
Date: Fri May 13 13:34:19 2016 -0400
Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
template/en/default/global/tabs.html.tmpl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 4540668..dc9ca4c 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
[% tab.label FILTER html %]</td>
[% ELSE %]
<td id="tab_[% tab.name FILTER html %]" class="clickable_area"
- onClick="document.location='[% tab.link FILTER html %]'">
+ onClick="document.location='[% tab.link FILTER js FILTER html %]'">
<a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
</td>
[% END %]
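
Review bot: On the changed onClick line, `FILTER js FILTER html` fixes quoting inside the single-quoted JavaScript string, but neither filter restricts the URL scheme, and the unchanged `<a href="[% tab.link FILTER html %]">` line below takes the same value with HTML escaping only. Since the bug title treats tab.link as possibly user-controlled, consider validating the link before it reaches this template (for example, accepting only relative or http/https URLs), or adding a template comment stating that callers must pass a trusted URL. The filter order (js first, then html) is correct for a JavaScript string nested in an HTML attribute; a one-line comment saying so would keep a later cleanup from reverting it to a single filter.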