[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags

bugzilla-daemon at bugs.koha-community.org
Fri Jul 26 16:15:31 CEST 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341

Nick Clemens <nick at bywatersolutions.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nick at bywatersolutions.com

--- Comment #5 from Nick Clemens <nick at bywatersolutions.com> ---
This has one caveat - patrons can enter these notes, not just staff, so this
would open the possibility of an XSS attack

Talking internally we think we could filter the patron note on entry

Alternatively, we can split the note into a public_note and private_note -
filter the public and display it to patrons, but don't filter the private_note
and keep it only for staff
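
The two options raised in this comment (filter the patron note on entry, or split it into a filtered public_note and a staff-only private_note), as an added Python example that is not Koha code and not part of the original message. The tag allowlist, the function names and the record layout are assumptions; the private note is stored unfiltered only because patron input is never written to it.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of formatting tags for hold notes; adjust to local policy.
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "p", "br", "ul", "ol", "li"}
DROP_CONTENT = {"script", "style"}  # these elements are discarded with their text


class NoteSanitizer(HTMLParser):
    """Rebuilds a note from allowlisted tags only; every attribute is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attrs ignored: no onclick=, href=, style=

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is re-escaped on output


def sanitize_note(raw):
    parser = NoteSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)


def store_note(raw, author_is_staff):
    """Patron input only ever reaches public_note, and only after filtering."""
    if author_is_staff:
        return {"public_note": "", "private_note": raw}
    return {"public_note": sanitize_note(raw), "private_note": ""}


def notes_visible_to(record, viewer_is_staff):
    fields = ["public_note", "private_note"] if viewer_is_staff else ["public_note"]
    return [record[f] for f in fields if record[f]]
```
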
