Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if…

Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
parent ee24e1e4
......@@ -25,7 +25,7 @@
[% tab.label FILTER html %]</td>
[% ELSE %]
<td id="tab_[% tab.name FILTER html %]" class="clickable_area"
onClick="document.location='[% tab.link FILTER html %]'">
onClick="document.location='[% tab.link FILTER js FILTER html %]'">
<a href="[% tab.link FILTER html %]">[% tab.label FILTER html %]</a>
</td>
[% END %]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment