https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121
--- Comment #4 from Jonathan Druart <jonathan.dru...@bugs.koha-community.org> ---
(In reply to Katrin Fischer from comment #2)
> Ok, not totally sure if I understand this approach right, but I talked some
> to Robin this morning while I was working on the XSS patches and from what
> I understand changing the data on the way is probably not the answer. We
> might want to use the data in different contexts where different encoding
> might be needed. Data needs to be encoded differently for use in HTML,
> attributes, JavaScript or in a URL. I am also thinking of our HTML
> preferences, CSV and file output, MARC data etc.

That is why there is a Koha::CGI->param_raw method.

> Robin suggested HTML::Escape as a fast module for escaping. If we wrap that
> into a plugin/make our own filter, we could maybe solve the performance
> issues:
>
> http://search.cpan.org/~tokuhirom/HTML-Escape-1.09/lib/HTML/Escape.pm

Nope, IIRC it is not faster than
Template::Stash::AutoEscaping::Escaped::HTML::escape (see the patch).
I tried to improve the escapement on bug 13618. The speed was not the problem,
the number of variables was.
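
An added example, not part of the bug report or of Koha's code: the point quoted from comment #2, that one stored value needs a different encoding in each output context, written in plain Perl with core modules only. The helper names and the sample value are hypothetical; the last lines show what a value escaped on input looks like once it reaches a URL.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode_utf8);

# Constructed sample value, kept exactly as the user typed it.
my $raw = q{O'Brien & <b>Sons</b> "Ltd" </script>};

# HTML text and quoted attribute values: neutralise markup metacharacters.
sub for_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# JavaScript string literal: escape everything outside a small safe set,
# so quotes, backslashes, newlines and "</script>" cannot end the string.
sub for_js_string {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9 ,._-])/sprintf(ord($1) > 0xFFFF ? '\\u{%X}' : '\\u%04X', ord $1)/ge;
    return $s;
}

# URL query component: percent-encode the UTF-8 bytes, keeping only the
# RFC 3986 unreserved characters.
sub for_url_component {
    my ($s) = @_;
    my $bytes = encode_utf8($s);
    $bytes =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord $1)/ge;
    return $bytes;
}

print "html : ", for_html($raw), "\n";
print "js   : ", for_js_string($raw), "\n";
print "url  : ", for_url_component($raw), "\n";

# Had the value been HTML-escaped on the way in, every other context would
# inherit the entities: the link below carries "&amp;" instead of "&".
my $escaped_on_input = for_html($raw);
print "url after input-time escaping: ",
    for_url_component($escaped_on_input), "\n";
```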