[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Mon Aug 27 14:11:08 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
Ere Maijala <ere.maijala at helsinki.fi> changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |ere.maijala at helsinki.fi
--- Comment #244 from Ere Maijala <ere.maijala at helsinki.fi> ---
Looks like escaping was added also to places where it doesn't belong. The
examples I stumbled on were just setting a variable:
https://github.com/Koha-Community/Koha/blob/master/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt#L328
and
https://github.com/Koha-Community/Koha/blob/master/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt#L330
--
You are receiving this mail because:
You are watching all bug changes.