The "My bugs" template parameter does not get HTML escaped before being used in the footer of Bugzilla pages. This causes HTML validation to fail when you're logged in because the &'s in the query aren't &amp;.
How do you know whether the default query already uses &amp; or not? Mine already has &amp; in it. So filtering it again wouldn't be good IMHO.
Btw, sidebar.xul.tmpl does use FILTER html on the mybugstemplate param. One of these templates is wrong ;)
Not a security bug -> 2.22
Looks like our default My Bugs template already has &amp; in it, so a simple reset of this parameter fixes this bug and makes a gazillion validation errors disappear. So, do we still want this fixed for the poor folks that manually add bare ampersands in their template? Maybe a basic HTML filter with duplicate (&amp;) suppression capability is needed here. Or maybe bug 133173 will just make all these problems go away...
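The "HTML filter with duplicate &amp; suppression" floated in the last comment, written out as an added illustration in Python (Bugzilla itself is Perl; this is not Bugzilla's code and not its `html` filter): it escapes markup characters and bare ampersands but passes through anything already shaped like an entity, so a parameter value the user pre-escaped is not double-encoded. The sample query strings are constructed, not Bugzilla's defaults.

```python
import re
from html import escape

# Matches something already encoded as an entity:
# named (&amp;), decimal (&#38;) or hexadecimal (&#x26;).
_ENTITY_RE = re.compile(r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def naive_escape(text: str) -> str:
    """Plain escaping: right for raw input, but it double-escapes existing entities."""
    return escape(text, quote=True)


def escape_preserving_entities(text: str) -> str:
    """Escape <, >, ", ' and bare &, leaving well-formed entities untouched.

    Applying this twice yields the same result as applying it once, which is
    what lets a template parameter be filtered on output regardless of whether
    the admin stored it with bare or already-escaped ampersands.
    """
    out = []
    pos = 0
    for match in _ENTITY_RE.finditer(text):
        out.append(escape(text[pos:match.start()], quote=True))  # text before the entity
        out.append(match.group(0))  # keep the entity exactly as written
        pos = match.end()
    out.append(escape(text[pos:], quote=True))  # trailing text after the last entity
    return "".join(out)


# Constructed sample "My bugs" query strings (assumed values, not Bugzilla's defaults).
RAW_QUERY = "buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&email1=%s"
PRE_ESCAPED_QUERY = "buglist.cgi?bug_status=NEW&amp;bug_status=ASSIGNED&amp;email1=%s"


def demo() -> dict:
    """Run both filters over both forms of the parameter so the difference is visible."""
    return {
        "naive_raw": naive_escape(RAW_QUERY),
        "naive_pre_escaped": naive_escape(PRE_ESCAPED_QUERY),
        "preserving_raw": escape_preserving_entities(RAW_QUERY),
        "preserving_pre_escaped": escape_preserving_entities(PRE_ESCAPED_QUERY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trade-off is that any `&name;` sequence, whether or not it was meant as an entity, is passed through unchanged, so a literal `&amp;` that the admin wanted displayed as text cannot be distinguished from an encoded ampersand.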