[Koha-bugs] [Bug 33144] Authority lookup in advanced editor overencodes HTML
bugzilla-daemon at bugs.koha-community.org
Mon Mar 6 06:48:34 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33144
--- Comment #2 from Phil Ringnalda <phil at chetcolibrary.org> ---
I'm no expert in assessing the XSS risks of code copy-pasted from Stack
Overflow, but I've been reading Wladimir's writing on security and running his
code for years, so I'd trust
https://stackoverflow.com/questions/1912501/unescape-html-entities-in-javascript/34064434#34064434
and in fact we already do that same thing in
https://git.koha-community.org/Koha-community/Koha/src/commit/fe872b792037ee2f8cce0d25f95c1e4f739ffe49/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt#L820
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.