[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Feb 7 15:52:35 CET 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618

Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |martin.renvoize at ptfs-europe.com

--- Comment #212 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
The approach here is correct in my opinion. We should treat everything as
unsafe and thus escape it by default unless we've manually checked it and
marked it as safe.

Yes, this will impact performance at first and highlight some especially nasty
areas of Koha. We should use those highlights as a hit list of areas to
concentrate on: a) checking security and marking as safe when possible, and b)
refactoring templates to use variables more sparsely when possible.

-- 
You are receiving this mail because:
You are watching all bug changes.
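The escape-by-default model discussed in the comment above, as an added illustration in Python; it is not Koha's own Perl/Template Toolkit code and does not reproduce the patch from bug 13618. The names `SafeHTML`, `mark_safe`, `escape`, `render` and `render_raw`, the `{{ name }}` placeholder syntax and the sample patron names are all assumptions made up for this example. `render_raw` shows the unsafe behaviour (interpolation with no escaping) next to `render`, where every value is escaped unless it carries the explicit safe marker, and where an already-escaped value is never escaped twice.

```python
import html
import re


class SafeHTML(str):
    """Marker type: a string that has been reviewed and may be emitted unescaped.

    Being a str subclass, it still behaves like text everywhere else; only the
    escaping layer treats it specially.
    """


def mark_safe(value: str) -> SafeHTML:
    """The single opt-out from escaping (hypothetical helper name).

    Only values that have been checked (already escaped, or trusted markup
    produced by the application itself) should ever pass through here.
    """
    return SafeHTML(value)


def escape(value) -> SafeHTML:
    """Escape-by-default: everything is treated as unsafe unless marked safe.

    Returning a SafeHTML means a value that has already been escaped is not
    escaped a second time if it flows through another template layer.
    """
    if isinstance(value, SafeHTML):
        return value
    return SafeHTML(html.escape(str(value), quote=True))


# Placeholder syntax assumed for this example: {{ name }}
_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def _lookup(context: dict, name: str):
    if name not in context:
        raise KeyError(f"unknown template variable {name!r}")
    return context[name]


def render_raw(template: str, context: dict) -> str:
    """The unsafe 'before': values are interpolated verbatim into HTML."""
    return _VAR.sub(lambda m: str(_lookup(context, m.group(1))), template)


def render(template: str, context: dict) -> str:
    """The hardened 'after': every substituted value passes through escape()."""
    return _VAR.sub(lambda m: escape(_lookup(context, m.group(1))), template)


# Constructed sample data: a patron name containing markup and quote characters,
# and a piece of markup the application itself generated and has reviewed.
UNTRUSTED_NAME = '<b>Alice</b> & "Bob"'
TRUSTED_MARKUP = mark_safe("<i>Alice</i>")
TEMPLATE = "<p>Patron: {{ name }}</p>"


def demo() -> dict:
    """Return the raw, escaped and safe-marked renderings for comparison."""
    return {
        "raw": render_raw(TEMPLATE, {"name": UNTRUSTED_NAME}),
        "escaped": render(TEMPLATE, {"name": UNTRUSTED_NAME}),
        "marked_safe": render(TEMPLATE, {"name": TRUSTED_MARKUP}),
        # Value escaped once, then rendered again: must not be double-escaped.
        "no_double_escape": render(TEMPLATE, {"name": escape("a<b")}),
    }


if __name__ == "__main__":
    for label, out in demo().items():
        print(f"{label:>17}: {out}")
```

Note that `mark_safe` is deliberately the only way to bypass escaping, so every unescaped output site is a greppable, reviewable decision, which is exactly the "hit list" the comment describes: each place where a template needs raw markup has to be found, checked and marked rather than silently passing untrusted text through.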

