[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Thu Aug 20 23:38:29 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Liz Rea <liz at catalyst.net.nz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |liz at catalyst.net.nz
--- Comment #39 from Liz Rea <liz at catalyst.net.nz> ---
This patch seems to break sysprefs such as intranetnav and opacmainuserblock -
they show their HTML instead of interpreting it. I haven't checked all of the
user configurable areas with this patch but we definitely should check them
all.
Off the top of my head (ok, ok, I went and looked through, but I still might
have missed some):
opacmainuserblock
opacnav
opacnavright
opaccredits
opacheader
opacuserjs
opacusercss
opaccustomsearch
opacmysummaryhtml
opacmysummarynote
opacnavbottom
opacnoresultsfound
opacresultssidebar
opacsearchfortitlein
restrictedpagecontent
PatronSelfRegistrationAdditionalInstructions
intranetmainuserblock
intranetnav
intranetslipprinterjs
intranetusercss
intranetuserjs