[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sat Aug 29 11:28:37 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
--- Comment #71 from Joonas Kylmälä <j.kylmala at gmail.com> ---
(In reply to Jonathan Druart from comment #37)
> Created attachment 41354 [details] [review]
> Bug 13618: Specific for IntranetUser* and OPACUser* prefs
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt
@@ -8,7 +8,7 @@
<link rel="stylesheet" type="text/css" href="[% interface %]/[% theme
%]/lib/bootstrap/css/bootstrap.min.css" />
<link rel="stylesheet" type="text/css" href="[% interface %]/[% theme
%]/lib/jquery/jquery-ui.css" />
<link rel="stylesheet" type="text/css" href="[% interface %]/[% theme
%]/css/sco.css" />
-[% IF ( OPACUserCSS ) %]<style type="text/css">[% OPACUserCSS %]</style>[% END
%]
+[% IF ( OPACUserCSS ) %]<style type="text/css">[% OPACUserCSS.raw %]</style>[%
END %]
[% IF ( SCOUserCSS ) %]<style type="text/css">[% SCOUserCSS %]</style>[% END
%]
Why not have also raw SCOUserCSS if we let the user have OPACUserCSS as raw?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list