27 Aug
2024
27 Aug
'24
3:04 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26777 --- Comment #65 from David Cook <dcook@prosentient.com.au> --- I wanted to thoroughly test this but ran out of time chasing a different bug... Just wanted to point out that you almost never want to use innerHTML() for setting a value. It's a good way to accidentally introduce a XSS vulnerability. Look at OWASP documents for preventing Cross-Site Scripting (XSS). In this case, I think that you're mostly, as it seems unlikely someone could slip XSS in through the SVG. I'm more worried about the error message, which appears to be broken anyway... -- You are receiving this mail because: You are watching all bug changes.