[Koha-bugs] [Bug 13618] Prevent XSS everywhere at the OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jun 22 16:03:48 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
--- Comment #13 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to Chris Cormack from comment #12)
> Perhaps we could use this module
>
> http://search.cpan.org/~shlomif/Template-Stash-AutoEscaping-0.0303/lib/
> Template/Stash/AutoEscaping.pm
>
> As it lets us do value.raw if we need unescaped values.
>
> But either we use it, or the HTML::Entities one, I think we should push it
> very soon. And we should do it on both the staff and opac sides
+1 for Template::Stash::AutoEscaping
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list