[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Sat Nov 28 15:15:34 CET 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Signed Off |In Discussion
--- Comment #85 from Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> ---
Mmm, some problems editing records and items
There is a strange display on edit/add
On items it can be fixed with something like
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt
@@ -225,9 +225,9 @@ function confirm_deletion() {
[% FOREACH ite IN item %]
<li><div class="subfield_line" style="[% ite.visibility %]"
id="subfield[% ite.tag %][% ite.subfield %][% ite
[% IF ( ite.mandatory ) %]
- <label class="required">[% ite.subfield %] - [% ite.marc_lib
%]</label>
+ <label class="required">[% ite.subfield %] - [%
ite.marc_lib.raw %]</label>
[% ELSE %]
- <label>[% ite.subfield %] - [% ite.marc_lib %]</label>
+ <label>[% ite.subfield %] - [% ite.marc_lib.raw %]</label>
[% END %]
[% SET mv = ite.marc_value %]
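Review bot: in both label lines, changing ite.marc_lib to ite.marc_lib.raw turns off escaping for the subfield description, which works against the purpose of this bug (preventing XSS) unless that value is guaranteed safe by the time it reaches the template. If the strange display comes from markup that the script embeds in marc_lib, it would be safer to pass the plain description and keep that markup in additem.tt, or to escape the description at the point where the markup is assembled, so the template does not need .raw. If .raw stays, a short template comment stating why this value is trusted would help later reviewers.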
@@ -258,7 +258,7 @@ function confirm_deletion() {
[% ELSE %]
<a href="#" id="buttonDot_[%- mv.id -%]" class="[%-
mv.class -%]" title="Tag editor">...</a>
[% END %]
- [%- mv.javascript -%]
+ [%- mv.javascript.raw -%]
[% ELSIF ( mv.type == 'text' ) %]
<input type="text" id="[%- mv.id -%]" name="field_value"
class="input_marceditor" size="50" maxlength="[
[% ELSIF ( mv.type == 'textarea' ) %]
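Review bot: [%- mv.javascript.raw -%] emits a script fragment with no escaping, so any record or framework value interpolated into mv.javascript has to be escaped for a JavaScript context where that string is built, and nothing in this hunk shows that it is. Please confirm that in the code that assembles mv.javascript and add a template comment saying this value is server-generated script and why it is output raw. The JavaScript console errors mentioned in the comment should also be tracked down before sign-off, since they may come from escaped output elsewhere on the same page.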
But there are some javascript errors in the console.
And we need a fix for record editor.
--
You are receiving this mail because:
You are watching all bug changes.