Bug 238797: minor adjustment to javascript filters to prevent tags inserted in…

Bugzilla/Template.pm

@@ -229,7 +229,7 @@ sub create {
             # and newlines/carriage returns escaped for use in JS strings.
             js => sub {
                 my ($var) = @_;
-                $var =~ s/([\\\'\"])/\\$1/g;
+                $var =~ s/([\\\'\"\/])/\\$1/g;
                 $var =~ s/\n/\\n/g;
                 $var =~ s/\r/\\r/g;
                 $var =~ s/\@/\\x40/g; # anti-spam for email addresses

template/en/default/admin/flag-type/list.html.tmpl

@@ -98,7 +98,7 @@
         <td>
           <a href="editflagtypes.cgi?action=copy&amp;id=[% type.id %]">Copy</a>
           | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]"
-               onclick="return confirmDelete([% type.id %], '[% type.name FILTER js %]',
+               onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]',
                                              [% type.flag_count %]);">Delete</a>
         </td>
       </tr>

template/en/default/bug/knob.html.tmpl

@@ -97,7 +97,7 @@
         [% terms.bug %] to
       </label>
       <input name="assigned_to" size="32"
-             onchange="if ((this.value != '[% bug.assigned_to.email FILTER js %]') &&
+             onchange="if ((this.value != '[% bug.assigned_to.email FILTER js FILTER html %]') &&
                             (this.value != '')) {
                          document.changeform.knob[[% knum %]].checked=true;
                        }"