author | Reed Loden <reed@reedloden.com> | 2011-01-24 10:05:09 -0800 |
committer | Reed Loden <reed@reedloden.com> | 2011-01-24 10:05:09 -0800 |
commit | c283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 (patch) | |
tree | 1d001a3b9dbffbe19084db526ad60d28bb98b3b0 /js | |
parent | fee4dfba5bce719769ee2733a0e7b824aaf298d6 (diff) | |
Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encoding by YUI
[r=mkanat r=dkl a=LpSolit]
Diffstat (limited to 'js')
-rw-r--r-- | js/field.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/js/field.js b/js/field.js
index 621cdf3eb..9d0f346ef 100644
--- a/js/field.js
+++ b/js/field.js
@@ -661,6 +661,13 @@ function browserCanHideOptions(aSelect) {
 /* (end) option hiding code */
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+ return text.replace(/&/g, '&').
+ replace(/</g, '<').
+ replace(/>/g, '>');
+}
+
 /**
 * The Autoselect
 */
@@ -686,7 +693,7 @@ YAHOO.bugzilla.userAutocomplete = {
 return stringified;
 },
 resultListFormat : function(oResultData, enteredText, sResultMatch) {
- return ( oResultData.real_name + " (" + oResultData.email + ")");
+ return ( _escapeHTML(oResultData.real_name) + " (" + _escapeHTML(oResultData.email) + ")");
 },
 debug_helper : function ( ){ /* used to help debug any errors that might happen */
|
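Review bot: As rendered here the three replacement strings in `_escapeHTML` read as '&', '<' and '>' — the very characters being matched — which would make the function a no-op and leave the XSS unfixed; the intended entity references are `&amp;`, `&lt;` and `&gt;`, so if this is only an entity-decoding artifact of the page it should be confirmed against the raw blob, and the body should read `return String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');`. The `String(text)` wrapper matters at the call site in `resultListFormat` in the second hunk, since `text.replace` throws a TypeError if `real_name` is ever missing or null for an account, which would break the whole autocomplete list rather than fail safe. The function also leaves `"` and `'` untouched, which is adequate for inserting into element content, as the result list appears to do, but not for attribute values, so the header comment should state that limit: `// Escapes &, < and > only: safe for element text, NOT for attribute values or URLs.` The enclosing `YAHOO.bugzilla.userAutocomplete` object begins and ends outside the second hunk.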