https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36805 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #5 from David Cook <dcook@prosentient.com.au> --- I noticed someone in bug 37573 using OPACSearchForTitleIn to inject <script> tags, which seems quite suboptimal to me. Sure, if you have access to update OPACSearchForTitleIn you'd also have access to OpacUserJS, so it's not a security vulnerability at this stage, but... as Owen says... I think separating functionality here is a good idea. -- You are receiving this mail because: You are watching all bug changes.