https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121
--- Comment #2 from Katrin Fischer <[email protected]> --- Ok, not totally sure if I understand this approach right, but I talked some to Robin this morning while I was working on the XSS patches and from what I understand changing the data on the way is probably not the answer. We might want to use the data in different contexts where different encoding might be needed. Data needs to be encoded differently for use in HTML, attributes, JavaScript or in an URL. I am also thinking of our HTML preferences, CSV and file output, MARC data etc. Robin suggested HTML::Escape as a fast module for escaping. If we wrap that into a plugin/make our own filter, we could maybe solve the performance issues: http://search.cpan.org/~tokuhirom/HTML-Escape-1.09/lib/HTML/Escape.pm -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
