[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jan 11 22:12:36 CET 2016
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Signed Off |Failed QA
--- Comment #106 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Hi Jonathan,
I (re)testd some more:
NOW OK:
- Patron account in staff > notices tab > HTML notices
- System preferences containing HTML tags display them
To test: search for 'note' in system preferences
- Staff > detail page > MARC view > Items tab > displays in URL column
To test: Add a 952$u to one of multiple items
- HTML tags in messages in the patron account ('new message' link)
NOT OK:
- HTML printer slips are broken
To test: Patron account > print quick slip
This shows still the same problem for and I don't see a patch with a
matching description on the branch?
- HTML tags in restriction/debarment comments
Works partially - the restriction message on top of the patron account is
ok.
The entries in the little restrictions table inside the tab still appear
broken - on the details and checkout tabs and also when editing a patron.
Other test results:
- OPAC is looking good, nothing found
- Staff is looking good as well - no new findings. :)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list