Bug 367674: [SECURITY] XSS when reading Atom feeds due to unescaped HTML

Patch By Fr��d��ric Buclin <LpSolit@gmail.com> r=bkor, a=mkanat
2007-02-02 21:40:06 +00:00 · 2007-02-02 21:40:06 +00:00 · e6bc39d124
--- a/webtools/bugzilla/template/en/default/list/list.atom.tmpl
+++ b/webtools/bugzilla/template/en/default/list/list.atom.tmpl
@ -62,23 +62,23 @@
      <tr>
        <th>Field</th><th>Value</th>
      </tr><tr>
-        <td>[% columns.opendate.title FILTER none %]</td>
-        <td>[% bug.opendate FILTER none %]</td>
+        <td>[% columns.opendate.title FILTER html %]</td>
+        <td>[% bug.opendate FILTER html %]</td>
      </tr><tr>
-        <td>[% columns.assigned_to_realname.title FILTER none %]</td>
-        <td>[% bug.assigned_to_realname FILTER none %]</td>
+        <td>[% columns.assigned_to_realname.title FILTER html %]</td>
+        <td>[% bug.assigned_to_realname FILTER html %]</td>
      </tr><tr>
-        <td>[% columns.priority.title FILTER none %]</td>
-        <td>[% bug.priority FILTER none %]</td>
+        <td>[% columns.priority.title FILTER html %]</td>
+        <td>[% bug.priority FILTER html %]</td>
      </tr><tr>
-        <td>[% columns.bug_severity.title FILTER none %] </td>
-        <td>[% bug.bug_severity FILTER none %]</td>
+        <td>[% columns.bug_severity.title FILTER html %] </td>
+        <td>[% bug.bug_severity FILTER html %]</td>
      </tr><tr>
-        <td>[% columns.bug_status.title FILTER none %]</td>
-        <td>[% bug.bug_status FILTER none %]</td>
+        <td>[% columns.bug_status.title FILTER html %]</td>
+        <td>[% bug.bug_status FILTER html %]</td>
      </tr><tr>
-        <td>[% columns.changeddate.title FILTER none %]</td>
-        <td>[% bug.changeddate FILTER none -%]</td>
+        <td>[% columns.changeddate.title FILTER html %]</td>
+        <td>[% bug.changeddate FILTER html -%]</td>
      </tr>
      </table>
      [% END %]