[Bug 2026] Comments allow unsanitized input
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=2026 joe.atzberger@liblime.com changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P3 |PATCH-Sent ------- Comment #3 from joe.atzberger@liblime.com 2008-05-22 13:16 ------- Overhauling patch sent. Scrubber and Error feedback added. Note: we CANNOT rely on window.close in onSubmit or $().submit to close our popups. On a relatively slow connection with a relatively large POST, commonly the close finishes *before* the POST completes, as reported with our New Zealand clients. Despite success in trivial cases, this should be obvious, since the event is necessarily before the submission. It also assumes success and prevents any kind of error feedback, so we should avoid it even if it did work in all cases. We should close the popup on confirmation from the server, like ajax success or as implemented here in Template. Other Koha popups are likely to exhibit this same defective behavior. Some FIXME's outstanding: need to allow users to delete their own comments, need to enforce and feedback on max comment length. ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
participants (1)
-
bugzilla-daemon@pippin.metavore.com