From a59f1e99c2285b2802a3da45658095b121d0f5cb Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Fri, 13 May 2016 13:34:19 -0400
Subject: Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
---
 template/en/default/global/tabs.html.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl
index 9cf5a897b..511640477 100644
--- a/template/en/default/global/tabs.html.tmpl
+++ b/template/en/default/global/tabs.html.tmpl
@@ -25,7 +25,7 @@
 [% tab.label FILTER html %]
 [% ELSE %]
+ onClick="document.location='[% tab.link FILTER js FILTER html %]'">
 [% tab.label FILTER html %]
 [% END %]
-- 
cgit v1.2.1
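Review bot: The `FILTER js FILTER html` chain on the added `onClick` line stops breakout from the string literal and the attribute, but neither filter constrains the URL scheme, so a `tab.link` beginning with `javascript:` would presumably still execute when assigned to `document.location`. Since the subject says extensions may pass user-controlled links, I would state the contract at this spot, e.g. `[%# tab.link: js-escaped for the string literal, then html-escaped for the attribute; callers must pass only relative or http(s) URLs %]`, or validate the scheme where the tab list is built. The comment should also record that the filter order is deliberate, because the HTML parser decodes the attribute before the script engine sees it, so `html` has to be applied last. The enclosing IF/ELSE block starts outside the hunk, and some of the hunk's markup (including the removed line) is not visible on this page, so this is based on the added line only.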