authorReed Loden <reed@reedloden.com>2011-01-24 10:05:09 -0800
committerReed Loden <reed@reedloden.com>2011-01-24 10:05:09 -0800
commitc283f5e77dc1f3a865a95aa95d1b03e0935ed0a5 (patch)
tree1d001a3b9dbffbe19084db526ad60d28bb98b3b0 /js
parentBug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection (diff)
Bug 619637: (CVE-2010-4569) [SECURITY] XSS in user autocomplete due to lack of encoding by YUI
[r=mkanat r=dkl a=LpSolit]
Diffstat (limited to 'js')
-rw-r--r--js/field.js9
1 files changed, 8 insertions, 1 deletions
diff --git a/js/field.js b/js/field.js
index 621cdf3eb..9d0f346ef 100644
--- a/js/field.js
+++ b/js/field.js
@@ -661,6 +661,13 @@ function browserCanHideOptions(aSelect) {
/* (end) option hiding code */
+// A convenience function to sanitize raw text for harmful HTML before outputting
+function _escapeHTML(text) {
+ return text.replace(/&/g, '&amp;').
+ replace(/</g, '&lt;').
+ replace(/>/g, '&gt;');
+}
+
/**
* The Autoselect
*/
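Review bot: `_escapeHTML` only rewrites `&`, `<` and `>`, so its output is safe as element content but not inside an attribute value, yet the comment on the line above presents it as a general sanitizer; since it is a file-level helper that later callers will reach for, I would add `replace(/"/g, '&quot;').` and `replace(/'/g, '&#39;');` as the last two steps of the chain. It also calls `.replace` straight on `text`, so a `null`/`undefined` field (which I would expect for a user record with no real name, though that is not visible here) throws instead of rendering; a first line `text = (text == null) ? '' : String(text);` keeps the escaping total. The header comment should state the contract rather than the intent, e.g. `// Escape a string for insertion as HTML text or attribute content; never pass the raw value to innerHTML.` The same helper is the one called from the resultListFormat hunk below, so both call sites inherit these properties.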
@@ -686,7 +693,7 @@ YAHOO.bugzilla.userAutocomplete = {
return stringified;
},
resultListFormat : function(oResultData, enteredText, sResultMatch) {
- return ( oResultData.real_name + " (" + oResultData.email + ")");
+ return ( _escapeHTML(oResultData.real_name) + " (" + _escapeHTML(oResultData.email) + ")");
},
debug_helper : function ( ){
/* used to help debug any errors that might happen */
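Review bot: `resultListFormat` carries no comment explaining why its fields are escaped, so a future edit that adds another `oResultData` property to the returned string has nothing telling it the value is rendered as HTML by the YUI autocomplete widget. I would put a one-line comment above the `return`, e.g. `// YUI inserts this string as HTML, so every field from oResultData must go through _escapeHTML.`, which makes the invariant local to the function rather than something recovered from the commit message. The enclosing `YAHOO.bugzilla.userAutocomplete` object starts before the hunk and continues past its end.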