[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Tue Sep 1 09:57:30 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
--- Comment #73 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Joonas Kylmälä from comment #68)
> (In reply to Jonathan Druart from comment #28)
> > Created attachment 41347 [details] [review]
> > Bug 13618: Remove html filters at the OPAC
> >
> > This patch removes the html filters at the OPAC, if necessary.
> >
> > Generated with:
> > perl -p -i -e 's/\ ?\|\ ?html(\ ?)%/\1%/g' **/*.tt **/*.inc
>
> @@ -85,7 +85,7 @@
> [% END %]
> ).
> [% END %]
> - <a href="[% OPACBaseURL
> %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi |html | url
> %]&count=[% countrss |html %]&sort_by=acqdate_dsc&forma~
> + <a href="[% OPACBaseURL
> %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi |html | url
> %]&count=[% countrss %]&sort_by=acqdate_dsc&format=rss2~
> [% END # / IF total %]
> </p>
> [% END # / IF searchdesc %]
>
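Review bot: On the `+` line, `countrss` is left with no filter inside the `href`, while `limit_cgi |html | url` in the same attribute still carries `html`, so the two parameters of one URL are now handled differently. The generating expression `s/\ ?\|\ ?html(\ ?)%/\1%/g` only matches `html` when it sits directly before the closing `%`, so chained uses such as `|html | url` are skipped silently; those need a manual pass and an explicit decision per occurrence. For `countrss`, which ends up as a query-string value, either confirm it is always numeric or give it a URL-encoding filter (`| uri`) instead of leaving it bare.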
> Shouldn't that one also be removed?
I don't think so, I think I have tested them.
(In reply to Joonas Kylmälä from comment #71)
> Why not have also raw SCOUserCSS if we let the user have OPACUserCSS as raw?
Done in another patch.
(In reply to Joonas Kylmälä from comment #72)
> The front page in Staff side doesn't render html under News->What's Next.
New patch pushed to the remote branch.