aboutsummaryrefslogtreecommitdiffstats
path: root/template/en/default/attachment
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2012-01-10 00:51:48 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2012-01-10 00:51:48 +0100
commite7fb5b6ba75cc488d5fa155593546244334dec23 (patch)
tree347370d0a0321745debae7cfb05c142e248f6f10 /template/en/default/attachment
parente50fc49676a9dfdc958b17b2c4d0bf3fa72e8b69 (diff)
downloadbugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar
bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.gz
bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.bz2
bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.tar.xz
bugs-e7fb5b6ba75cc488d5fa155593546244334dec23.zip
Bug 716283: Clickjacking in the attachment "Details" page allows to bypass token checks
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default/attachment')
-rw-r--r--template/en/default/attachment/edit.html.tmpl10
1 files changed, 10 insertions, 0 deletions
diff --git a/template/en/default/attachment/edit.html.tmpl b/template/en/default/attachment/edit.html.tmpl
index a078141a2..d637e37d1 100644
--- a/template/en/default/attachment/edit.html.tmpl
+++ b/template/en/default/attachment/edit.html.tmpl
@@ -195,6 +195,16 @@
[% END %]
</a>
</p>
+ [% ELSIF attachment.contenttype == "text/html" %]
+ [%# For security reasons (clickjacking, embedded scripts), we never
+ # render HTML pages from here. The source code is displayed instead. %]
+ [% INCLUDE global/textarea.html.tmpl
+ id = 'viewFrame'
+ minrows = 10
+ cols = 80
+ defaultcontent = attachment.data
+ readonly = 'readonly'
+ %]
[% ELSE %]
<iframe id="viewFrame" src="attachment.cgi?id=[% attachment.id %]">
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.