[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

bugzilla-daemon at bugs.koha-community.org
Wed Aug 16 15:42:20 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121

--- Comment #5 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Marcel de Rooy from comment #3)
> Or only pragmatically remove <script>..</script> constructions from
> parameters now with Koha::CGI?

It is not only script elements; we need to escape all HTML characters.

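An added example (not part of the original message and not Koha code) comparing the two approaches in this exchange: removing only `<script>..</script>` constructions versus escaping all HTML characters. The helper names and the sample parameter values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: the "pragmatic" approach of deleting only
# <script>...</script> constructions from a parameter value.
sub strip_script_elements {
    my ($value) = @_;
    $value =~ s{<script\b[^>]*>.*?</script\s*>}{}gis;
    return $value;
}

# Hypothetical helper: escape every character that is significant in HTML
# text or in a quoted attribute value. All five characters are replaced in
# one pass, so an entity produced here is never escaped a second time.
my %HTML_ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

sub escape_html {
    my ($value) = @_;
    $value =~ s/([&<>"'])/$HTML_ENTITY{$1}/g;
    return $value;
}

# Constructed sample parameter values (not taken from the bug report).
my @samples = (
    'Tolkien & Lewis',                  # ordinary data containing '&'
    '<script>x()</script>history',      # the one case stripping handles
    'history"><b>injected</b>',         # closes a quoted attribute, adds markup
    q{it's <i>here</i>},                # single quote and inline markup
);

for my $value (@samples) {
    my $stripped = strip_script_elements($value);
    my $escaped  = escape_html($value);
    # Markup-significant characters that survive stripping would be
    # interpreted by the browser if the value were printed as-is.
    my $left = () = $stripped =~ /[<>"']/g;
    printf "input    : %s\nstripped : %s  (%d markup characters left)\n"
         . "escaped  : %s\n\n", $value, $stripped, $left, $escaped;
}
```

Only the second sample comes out of the stripping helper free of markup characters; the escaped form of every sample contains none of `<`, `>`, `"` or `'`.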