18 Aug
2023
18 Aug
'23
1:42 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397 --- Comment #15 from David Cook <dcook@prosentient.com.au> --- For our inline scripts (like OpacUserJS and IntranetUserJS), we could use a nonce. We'd need to generate the nonce and pass it to the $template in C4::Auth::get_template_and_user(). Then we could easily place it into whatever inline script we need. It wouldn't prevent XSS where we've made an error in our inline script, but it would prevent a lot of stored and reflected XSS in other contexts. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.