Bug 317936

Summary: Test </a><div style="position:absolute;left:0;right:0;bottom:0;top:0" onmouseover="alert('foo');">hi</div>
Product: [Frameworks and Libraries] telepathy Reporter: Nikita Skovoroda <chalkerx>
Component: text-ui-message-filtersAssignee: Telepathy Bugs <kde-telepathy-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: kde
Priority: NOR    
Version: 0.6.0   
Target Milestone: 0.6.1   
Platform: Arch Linux   
OS: Linux   
Latest Commit: http://commits.kde.org/telepathy-text-ui/14b5daf4cab4c534b5d29720b2092c1563db4e6a Version Fixed In:

Description Nikita Skovoroda 2013-04-06 16:05:05 UTC 
The link to this bug should be sent to ktp-text-ui.

Reproducible: Always

Steps to Reproduce:
1. Send the link to this bug to ktp-text-ui.
Comment 1 Nikita Skovoroda 2013-04-07 09:20:14 UTC 
I'll make a patch today.
Comment 2 David Edmundson 2013-04-08 10:08:12 UTC 
Git commit 14b5daf4cab4c534b5d29720b2092c1563db4e6a by David Edmundson, on behalf of Nikita Skovoroda.
Committed on 08/04/2013 at 12:05.
Pushed by davidedmundson into branch 'kde-telepathy-0.6'.

Bugzilla filter: escape html to block injection.
REVIEW: 109905

Also, fix a "not an object" js error when referencing an inexisting bug (and got a null result).

M  +27   -3    filters/bugzilla/showBugzillaInfo.js

http://commits.kde.org/telepathy-text-ui/14b5daf4cab4c534b5d29720b2092c1563db4e6a