https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341
Nick Clemens <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #5 from Nick Clemens <[email protected]> ---
This has one caveat - patrons can enter these notes, not just staff, so this would open the possibility of an XSS attack.

Talking internally, we think we could filter the patron note on entry.

Alternatively, we can split the note into a public_note and private_note - filter the public and display it to patrons, but don't filter the private_note and keep it only for staff.
