[Koha-bugs] [Bug 13618] Prevent XSS everywhere at the OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jun 22 12:13:05 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Chris Cormack <chris at bigballofwax.co.nz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chris at bigballofwax.co.nz
--- Comment #12 from Chris Cormack <chris at bigballofwax.co.nz> ---
Perhaps we could use this module
http://search.cpan.org/~shlomif/Template-Stash-AutoEscaping-0.0303/lib/Template/Stash/AutoEscaping.pm
As it lets us do value.raw if we need unescaped values.
But either we use it, or the HTML::Entities one, I think we should push it very
soon. And we should do it on both the staff and opac sides
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list