[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis
bugzilla-daemon at bugs.koha-community.org
Wed Aug 16 15:42:20 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121
--- Comment #5 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Marcel de Rooy from comment #3)
> Or only pragmatically remove <script>..</script> constructions from
> parameters now with Koha::CGI?
It is not only script elements; we need to escape all HTML characters.
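An added illustration of the point made in comment #5, not Koha code and not part of the original message: it compares removing `<script>..</script>` constructions from a parameter with escaping every HTML-significant character when the value is output. The helpers `strip_script_blocks` and `escape_html` are hypothetical names, and the sample values are constructed.

```perl
#!/usr/bin/perl
# Added example (not Koha code): stripping <script> blocks vs. escaping output.
use strict;
use warnings;

# Hypothetical filter modelling the "remove <script>..</script>" proposal.
sub strip_script_blocks {
    my ($value) = @_;
    $value =~ s{<script\b[^>]*>.*?</script\s*>}{}gis;
    return $value;
}

# Escape the five characters that are significant in HTML text and in
# quoted attribute values. One pass, so '&' is never escaped twice.
sub escape_html {
    my ($value) = @_;
    my %entity = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $value =~ s/([&<>"'])/$entity{$1}/g;
    return $value;
}

# Constructed sample parameter values (not taken from the bug report).
my @samples = (
    'Smith & Sons',                                # ordinary text
    '<script>alert(1)</script>',                   # the case stripping handles
    '<img src=x onerror=alert(1)>',                # markup without a script element
    '" onmouseover="alert(1)',                     # breaks out of a quoted attribute
    '<scr<script></script>ipt>alert(1)</script>',  # reassembles after stripping
);

for my $input (@samples) {
    my $stripped = strip_script_blocks($input);
    printf "input   : %s\n", $input;
    printf "stripped: %s%s\n", $stripped,
        ( $stripped =~ /[<>"']/ ? '   <-- markup characters survive' : '' );
    printf "escaped : %s\n\n", escape_html($input);
}
```

Only the second sample is neutralised by stripping; the escaped form of every sample contains no character the browser would interpret as markup.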