Closed Bug 1306908 Opened 4 years ago Closed 4 years ago
Graph extension doesn't escape URLs properly
In the template extensions/OpenGraph/template/en/default/hook/global/header-start.html.tmpl the variable Bugzilla.cgi.self_url is being inserted without any escaping ("FILTER none" instead of "FILTER html"). This doesn't seem to cause any security issues, but there can still be unexpected effects due to ampersands not being escaped. For example, open https://bugzilla.mozilla.org/show_bug.cgi?id=200&lt,=1 and look at the <meta property="og:url" ...> tag in Inspector. You will see that the content attribute has the value https://bugzilla.mozilla.org/show_bug.cgi?id=200<%2C=1 - the browser interpreted &lt as an unclosed HTML entity and converted it into < accordingly. The expected value would have been https://bugzilla.mozilla.org/show_bug.cgi?id=200&lt%2C=1.
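The mechanism behind the report, as an added illustration that is not code from the bug or from Bugzilla: an attribute value is entity-decoded by the HTML parser, so an unescaped "&lt" in a URL turns into "<" even without a terminating semicolon, while an escaped "&amp;lt" survives the round trip. The template's "FILTER none" and "FILTER html" are approximated here with a plain string substitution and Python's html.escape; the SELF_URL value is constructed to match the URL from the report after the CGI layer has percent-encoded the comma, and Python's html.parser stands in for the browser.

```python
import html
from html.parser import HTMLParser


class MetaContentReader(HTMLParser):
    """Collect the content attribute of every <meta property="og:url"> tag.

    html.parser entity-decodes attribute values the way a browser does,
    including legacy named references such as "&lt" that have no semicolon.
    """

    def __init__(self):
        super().__init__()
        self.og_urls = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attrs = dict(attrs)
        if attrs.get("property") == "og:url":
            self.og_urls.append(attrs.get("content"))


def render_og_meta(self_url, escape):
    """Render the og:url meta tag for a given self_url value.

    escape=False mimics the template's "FILTER none" (the buggy version);
    escape=True mimics "FILTER html", approximated with html.escape, which
    also encodes quotes so the value cannot break out of the attribute.
    """
    value = html.escape(self_url, quote=True) if escape else self_url
    return '<meta property="og:url" content="%s">' % value


def og_url_as_seen_by_browser(markup):
    """Parse the markup and return the first og:url content value, or None."""
    reader = MetaContentReader()
    reader.feed(markup)
    reader.close()
    return reader.og_urls[0] if reader.og_urls else None


# Constructed sample (assumption): what Bugzilla.cgi.self_url would hold for
# the URL from the report, with the comma already percent-encoded.
SELF_URL = "https://bugzilla.mozilla.org/show_bug.cgi?id=200&lt%2C=1"

if __name__ == "__main__":
    for escape in (False, True):
        markup = render_og_meta(SELF_URL, escape)
        print("FILTER", "html" if escape else "none", "->", markup)
        print("  browser sees:", og_url_as_seen_by_browser(markup))
```

With escape=False the parsed content attribute reads `...?id=200<%2C=1`, exactly the corrupted value the report describes; with escape=True the markup carries `&amp;lt%2C` and the parsed value equals the original self_url.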
To firstname.lastname@example.org:mozilla-bteam/bmo.git 4be7f51..81aad4a master -> master
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED