authorDylan William Hardison <dylan@hardison.net>2016-05-13 13:34:19 -0400
committerDylan William Hardison <dylan@hardison.net>2016-05-13 13:35:22 -0400
commita59f1e99c2285b2802a3da45658095b121d0f5cb (patch)
tree920f18b47b0c1d815b759edd9a3ad07286813c42
parentAdd build.platform = linux64, machine.platform = linux64 to taskgraph.json to... (diff)
Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
-rw-r--r--template/en/default/global/tabs.html.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 9cf5a897b..511640477 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
[% tab.label FILTER html %]</td>
[% ELSE %]
<td id="tab_[% tab.name FILTER html %]" class="clickable_area"
- onClick="document.location='[% tab.link FILTER html %]'">
+ onClick="document.location='[% tab.link FILTER js FILTER html %]'">
<a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
</td>
[% END %]
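Review bot: The `js` filter added on the `onClick` line closes the string-breakout case, but neither that line nor the unchanged `<a href="[% tab.link FILTER html %]">` below it restricts the URL scheme, so a user-controlled `tab.link` that starts with `javascript:` would presumably still execute as script when the tab is clicked; escaping alone cannot prevent that. Since the commit title says extensions may pass user-controlled links, the template (or a documented contract for its callers) should require a relative or http(s) URL before emitting it. The order `FILTER js FILTER html` is right (JS string context first, then the HTML attribute) and deserves a comment such as `[%# tab.link sits in a JS string inside an HTML attribute: js first, then html %]` so it is not simplified away later. The enclosing `[% IF %]` block starts above the hunk.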