Escape all the TT variables! (aka prevent XSS vulnerabilities)
26 Oct
2018
26 Oct
'18
6:29 p.m.
Hi devs, This needs an update. Bug 13618 has been pushed to master. Now you will have to escape all the variables template-side. See the wiki page to understand why and how - https://wiki.koha-community.org/wiki/Coding_Guidelines#HTML9:_filter_all_the... There is a test in the QA script (missing_filter) as well as a test in the codebase to catch missing filters (xt/find-missing-filters.t) To make things easier you can use the misc script (misc/devel/ add_missing_filters.pl) to automatically add the missing filters! Cheers, Jonathan
2819
Age (days ago)
2819
Last active (days ago)
0 comments
1 participants
participants (1)
-
Jonathan Druart