[Koha-patches] [PATCH] Begin fix for Bug 3652 - XSS vulnerabilities
Galen Charlton
gmcharlt at gmail.com
Fri Jul 16 05:25:14 CEST 2010
Hi,
On Wed, Jul 14, 2010 at 10:25 AM, Owen Leonard <oleonard at myacpl.org> wrote:
> - Setting default_escape => "HTML" in C4::Output
>
> In the OPAC:
> - Removing redundant "ESCAPE='HTML'" from the templates
> - Adding "ESCAPE='0'" where necessary:
> -- Variables like OpacNav which output HTML or JS
> -- Instances of CGI::scrolling_list variables
Pushed to topic branch new/bug3652 - testing encouraged.
Regards,
Galen
--
Galen Charlton
gmcharlt at gmail.com
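
The default-escape change described in the quoted patch notes, sketched as an added example that is not part of the original message or of Koha's code. It assumes the HTML::Template module and its default_escape option; the template, the input values and the helper names render and unescaped_vars are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;    # assumption: the engine behind default_escape

# Constructed template: one user-controlled value, and one staff-authored
# HTML block (modelled on OpacNav) opted out with ESCAPE='0'.
my $template_text = <<'TMPL';
<p>Results for: <TMPL_VAR NAME="query"></p>
<div id="nav"><TMPL_VAR NAME="OpacNav" ESCAPE='0'></div>
TMPL

# Render with HTML escaping on by default; only explicit opt-outs are raw.
sub render {
    my (%param) = @_;
    my $t = HTML::Template->new(
        scalarref      => \$template_text,
        default_escape => 'HTML',
    );
    $t->param(%param);
    return $t->output;
}

# List the variables that opt out of escaping. Once the default is on,
# these are the places that still need an XSS review.
sub unescaped_vars {
    my ($text) = @_;
    my @names;
    while ( $text =~ /<TMPL_VAR\b([^>]*)>/gi ) {
        my $attrs = $1;
        next unless $attrs =~ /\bESCAPE\s*=\s*["']?(?:0|NONE)["']?/i;
        push @names, $1 if $attrs =~ /\bNAME\s*=\s*["']?([\w.]+)/i;
    }
    return @names;
}

my $html = render(
    query   => '<script>alert(1)</script>',    # constructed hostile input
    OpacNav => '<a href="/home">Home</a>',     # constructed trusted markup
);
print $html;
print "Review opt-outs: @{[ unescaped_vars($template_text) ]}\n";

die "query was not escaped"      if $html =~ /<script>/;
die "OpacNav markup was escaped" unless $html =~ /<a href=/;
```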