Bug 272620: avoid XSS problem with internal error messages. Patch by gerv; r=justdave; a=justdave.

ed09207e · gerv%gerv.net · a90c06d0 · ed09207e · ed09207e
Commit ed09207e authored Jan 04, 2005 by gerv%gerv.net
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

Error.pm Bugzilla/Error.pm +4 -1

code-error.html.tmpl template/en/default/global/code-error.html.tmpl +4 -1

No files found.
--- a/Bugzilla/Error.pm
+++ b/Bugzilla/Error.pm
@@ -118,7 +118,10 @@ sub ThrowTemplateError {
            time this message appeared.
          </p>
          <script type="text/javascript"> <!--
-            document.write("<p>URL: " + document.location + "</p>");
+          document.write("<p>URL: " + 
+                          document.location.href.replace(/&/g,"&amp;")
+                                                .replace(/</g,"&lt;")
+                                                .replace(/>/g,"&gt;") + "</p>");
          // -->
          </script>
          <p>Template->process() failed twice.<br>

--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -256,7 +256,10 @@
    the time this message appeared.
  </p>
  <script type="text/javascript"> <!--
-    document.write("<p>URL: " + document.location + "</p>");
+    document.write("<p>URL: " + 
+                    document.location.href.replace(/&/g,"&amp;")
+                                          .replace(/</g,"&lt;")
+                                          .replace(/>/g,"&gt;") + "</p>");
  // -->
  </script>
 </tt>