Closed Bug 509373 Opened 15 years ago Closed 15 years ago

<!-- in bug summary is included in inline JavaScript without escaping

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 503980

People

(Reporter: hsivonen, Unassigned)

References

(
URL
)

Details

Steps to reproduce: 1) Load https://bugzilla.mozilla.org/show_bug.cgi?id=509009 in Safari or in Minefield with the pref html5.enable set to true 2) Load https://bugzilla.mozilla.org/show_bug.cgi?id=503632 in Safari or in Minefield with the pref html5.enable set to true Actual results: Significant parts of the Bugzilla UI disappear. Expected results: Expected normal UI. Additional info: When Bugzilla includes a string containing "<!--" in an inline JavaScript block, it should escape it as "\u003C!--" to hide it from the HTML parser.
Group: bugzilla-security
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
(In reply to comment #0) > Actual results: > Significant parts of the Bugzilla UI disappear. IMO, that's a bug in Firefox HTML5 parser, per bug 503632.
Not a security issue, after investigation.
Group: bugzilla-security
You need to log in before you can comment on or make changes to this bug.