[Koha-bugs] [Bug 15814] Templates for MARC modification: Edit action does not work when Description contains '
bugzilla-daemon at bugs.koha-community.org
Mon Nov 6 11:32:40 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15814
Victor Grousset/tuxayo <victor.grousset at biblibre.com> changed:
What     |Removed |Added
----------------------------------------------------------------------------
Severity |normal  |major
--- Comment #2 from Victor Grousset/tuxayo <victor.grousset at biblibre.com> ---
Still happens on master as of today.
Also, as a consequence, it's vulnerable to XSS. Putting
"<script>alert(123)</script>" in the description works.
Idea to fix: escape in the template with replace()
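
The two symptoms reported above (a `'` breaking the Edit action, and a script tag rendering) are what happens when one value is written unescaped into both HTML and an inline JavaScript string. The sketch below is an added example, not Koha's template code: the row markup and the `editAction` handler name are assumptions, and it goes beyond a single replace() to show escaping per output context.

```javascript
// Added example; the markup shape and editAction() are hypothetical, not Koha code.

// HTML-escape for element text and quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Escape for a JavaScript string literal. JSON.stringify handles quotes,
// backslashes and control characters; "<" is hex-escaped so the value can
// never spell out a closing tag inside a script block.
function jsString(s) {
  return JSON.stringify(String(s)).replace(/</g, "\\u003c");
}

// Unescaped: the description is pasted into markup and into a JS string.
function renderUnsafe(desc) {
  return `<td>${desc}</td><td><a onclick="editAction('${desc}')">Edit</a></td>`;
}

// replace() on the quote alone: repairs the handler, leaves tags intact.
function renderQuoteOnly(desc) {
  const q = desc.replace(/'/g, "\\'");
  return `<td>${q}</td><td><a onclick="editAction('${q}')">Edit</a></td>`;
}

// Escape per context: HTML for the cell, JS string then HTML for the handler.
function renderSafe(desc) {
  return `<td>${escapeHtml(desc)}</td>` +
    `<td><a onclick="editAction(${escapeHtml(jsString(desc))})">Edit</a></td>`;
}
```

In the safe form the browser decodes the attribute back to `editAction("it's")` before running it, so the handler receives the original description unchanged.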