[Bug 13618] Prevent XSS in the Staff Client and the OPAC
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #221 from Owen Leonard <oleonard@myacpl.org> --- I did what I hope was a fairly thorough test of the staff client and found these issues: - IntranetCirculationHomeHTML displays HTML tags as text - Patron title include showing HTML: <span class="patron-title">Mr</span> - Patron details -> Holds tab: Alerts data from the branches table - Search results page layout is broken. Looks like page-numbers.inc has a section missing. - Crazy encoding of action buttons on Lists page - Incorrectly escaped HTML in Notices & slips list - Label batch list title encoding wrong - Spine label print shows HTML - Administration -> Libraries: Alerts data from the branches table - Administration -> Item types: Alerts data from the items table - Item searching broken: "Unsupported format html at /home/vagrant/kohaclone/catalogue/itemsearch.pl line 42." -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org