http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9458
Jared Camins-Esakov <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Passed QA                   |Failed QA

--- Comment #30 from Jared Camins-Esakov <[email protected]> ---
(In reply to comment #29)
> Good catch! This latest followup fixes that. I've also simplified some of
> the presentation logic.

There's a problem with your latest follow-up: it inserts unsanitized user input
into the page. I checked and it seems that most browsers catch the XSS if you
try to insert Javascript, but I'd rather not depend on that if we don't have
to. To see what I mean, try a link like:

/cgi-bin/koha/virtualshelves/shelves.pl?viewshelf=55&sort=title&direction=%22%3Ehere's%20some%20text%3Cspan%20style=%22
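The problem reported in comment #30, shown as an added example that is not code from the Koha patch or from the commenter: the `direction` value from the link above is rendered into a link three ways (raw, HTML-escaped, and allowlisted). The helper names, the `asc`/`desc` value set and the `<a>` markup are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the only legitimate sort directions are "asc" and "desc".
my %ALLOWED_DIRECTION = map { $_ => 1 } qw(asc desc);

# Hypothetical helper: return the value only if allowlisted, else a default.
sub safe_direction {
    my ($raw) = @_;
    return 'asc' unless defined $raw;
    my $value = lc $raw;
    return $ALLOWED_DIRECTION{$value} ? $value : 'asc';
}

# Hypothetical helper: escape characters that are significant in HTML text
# and in quoted attribute values.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Minimal percent-decoding, standing in for what the CGI layer does.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Render a constructed sort link; $value is interpolated exactly as given.
sub sort_link {
    my ($value) = @_;
    return qq{<a href="shelves.pl?sort=title&amp;direction=$value">Title</a>};
}

# The "direction" value from the link in the comment above.
my $raw = url_decode(q{%22%3Ehere's%20some%20text%3Cspan%20style=%22});

# Raw: the leading quote closes href="..." and the rest becomes page markup.
print "raw:         ", sort_link($raw), "\n";
# Escaped: the value stays inside the attribute as inert text.
print "escaped:     ", sort_link(html_escape($raw)), "\n";
# Allowlisted: anything outside the expected set collapses to the default.
print "allowlisted: ", sort_link(safe_direction($raw)), "\n";
```

Escaping at output protects every reflected value, while the allowlist additionally keeps unexpected input out of the sort logic. Template Toolkit's built-in `html` filter provides output escaping of this kind inside templates.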
