From bugzilla-daemon@bugs.koha-community.org Thu Jul 19 23:00:27 2018 From: bugzilla-daemon@bugs.koha-community.org To: koha-bugs@lists.koha-community.org Subject: [Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC Date: Thu, 19 Jul 2018 21:00:19 +0000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6602168474532443602==" --===============6602168474532443602== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3D13618 --- Comment #219 from Jonathan Druart --- I am back! Next version has been pushed to the remote branch - https://gitlab.com/joubu/Koha/commits/bug_13618 Here is commit message of the main patch: As we did not fix the performance issue when autofiltering the variables (see bug 20975), the only solution we have is to add the filters explicitely. This patch has been autogenerated (using add_html_filters.pl, see next pathces) and add the html filter to all the variables displayed in the template. Exceptions are made (using the new 'raw' TT filter) to the variable we already listed in the previous versions of this patch. To test: - Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated data which contain