[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Wed Aug 8 20:26:26 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Owen Leonard <oleonard at myacpl.org> changed:
What    |Removed        |Added
----------------------------------------------------------------------------
Status  |Needs Signoff  |Failed QA
--- Comment #221 from Owen Leonard <oleonard at myacpl.org> ---
I did what I hope was a fairly thorough test of the staff client and found
these issues:
- IntranetCirculationHomeHTML displays HTML tags as text
- Patron title include showing HTML: <span class="patron-title">Mr</span>
- Patron details -> Holds tab: Alerts data from the branches table
- Search results page layout is broken. Looks like page-numbers.inc has a
section missing.
- Crazy encoding of action buttons on Lists page
- Incorrectly escaped HTML in Notices & slips list
- Label batch list title encoding wrong
- Spine label print shows HTML
- Administration -> Libraries: Alerts data from the branches table
- Administration -> Item types: Alerts data from the items table
- Item searching broken: "Unsupported format html at
/home/vagrant/kohaclone/catalogue/itemsearch.pl line 42."