diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-01-10 00:51:48 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-01-10 00:51:48 +0100 |
commit | e7fb5b6ba75cc488d5fa155593546244334dec23 (patch) | |
tree | 347370d0a0321745debae7cfb05c142e248f6f10 /template/en/default/attachment | |
parent | e50fc49676a9dfdc958b17b2c4d0bf3fa72e8b69 (diff) | |
download | bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.gz bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.bz2 bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.xz bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.zip |
Bug 716283: Clickjacking in the attachment "Details" page allows to bypass token checks
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default/attachment')
-rw-r--r-- | template/en/default/attachment/edit.html.tmpl | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl index a078141a2..d637e37d1 100644 --- a/template/en/default/attachment/edit.html.tmpl +++ b/template/en/default/attachment/edit.html.tmpl @@ -195,6 +195,16 @@ [% END %] </a> </p> + [% ELSIF attachment.contenttype == "text/html" %] + [%# For security reasons (clickjacking, embedded scripts), we never + # render HTML pages from here. The source code is displayed instead. %] + [% INCLUDE global/textarea.html.tmpl + id = 'viewFrame' + minrows = 10 + cols = 80 + defaultcontent = attachment.data + readonly = 'readonly' + %] [% ELSE %] <iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]"> <b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. |