[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC

Fri Jan 29 10:53:44 CET 2016

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618

Jonathan Druart <jonathan.druart at bugs.koha-community.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #46795|0                           |1
        is obsolete|                            |

--- Comment #172 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Created attachment 47425
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=47425&action=edit
Bug 13618: Use Template::Stash::AutoEscaping to use the html filter

Test plan:
0/ sudo cpanm Template::Stash::AutoEscaping
1/ Verify don't reproduce the XSS issue described on bug 13609 and other
xss related bugs.
2/ Try to find some encoding issues (detail page, search results,
facets, etc.)

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala at gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>

-- 
You are receiving this mail because:
You are watching all bug changes.