]> git.donarmstrong.com Git - debbugs.git/blobdiff - Debbugs/CGI.pm
Resolve two XSS (closes: #504608)
index e2780036b5262d44fdb56dbf716bcdac45b35b2d..f4cd20e06df112efd2daa84e0d4d1780f2d0e1b9 100644 (file)
@@ -867,7 +867,8 @@ sub option_form{
               if (defined $value and $o_value eq $value) {
                    $selected = ' selected';
               }
-              $output .= qq(<option value="$o_value"$selected>$name</option>\n);
+              $output .= q(<option value=").html_escape($o_value).qq("$selected>).
+                  html_escape($name).qq(</option>\n);
          }
          return $output;
      };
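Review bot: The escaped `$o_value` on the first added line is placed inside a double-quoted `value="..."` attribute, so the fix only holds if `html_escape` encodes `"` as well as `<`, `>` and `&`. Its definition is not visible in this hunk, so that should be confirmed. A short comment above the statement would record the requirement, for example `# $o_value lands in a quoted attribute, $name in element text; html_escape must encode the double quote too`. The body of `option_form` starts before the hunk, so any other branch there that builds markup from option names or values should be checked for the same raw interpolation. A regression test that feeds an option value containing `"` and `<` and asserts the entity-encoded output would keep this from regressing.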