The rest of the fix for bug 163573: Escapes HTML in form data displayed to the user to secure Bonsai against cross-site scripting attacks.

myk%mozilla.org 2002-08-28 21:03:26 +00:00
parent 4e4d3c4f89
commit a4f22d93b5
2 changed files with 4 additions and 2 deletions


@ -96,7 +96,8 @@ else {
if( $bMultiRepos ){
print "<OPTION VALUE='allrepositories'>All Files in all Repositories\n";
}
print "<OPTION SELECTED VALUE='$::FORM{module}'>$::FORM{module}\n";
my $escaped_module = html_quote($::FORM{module});
print "<OPTION SELECTED VALUE='$escaped_module'>$escaped_module\n";
}
#
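Review bot: The escaped value is written into a single-quoted attribute, `VALUE='$escaped_module'`, so this fix is complete only if html_quote also encodes the apostrophe. Its definition is not visible in this hunk, and helpers of this kind often cover only `&`, `<`, `>` and `"`; if that is the case here, a module value containing `'` would still close the attribute early. Either make html_quote emit `&#39;` for `'`, or delimit the attribute with a character the helper is known to encode: `print "<OPTION SELECTED VALUE=\"$escaped_module\">$escaped_module\n";`. A short comment above the `my` line, such as `# $::FORM{module} is user-supplied; never echo it unescaped`, would record why the raw value must not be printed.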


@ -58,7 +58,8 @@ sub BreakBig {
if (exists($::FORM{'person'})) {
$title = $head = "Checkins for $::FORM{'person'}";
my $escaped_person = html_quote($::FORM{'person'});
$title = $head = "Checkins for $escaped_person";
foreach $checkin (@::CheckInList) {
$info = eval("\\\%$checkin");