https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341

Katrin Fischer <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #6 from Katrin Fischer <[email protected]> ---
(In reply to Nick Clemens from comment #5)
> This has one caveat - patrons can enter these notes, not just staff, so this
> would open possibility of XSS attack
> 
> Talking internally we think we could filter the patron note on entry
> 
> Alternatively, we can split the note into a public_note and private_note -
> filter the public and display it to patrons, but don't filter the
> private_note and keep it only for staff

Do we know more about the use case for this? If it's about handling line breaks
like in the example from Jessica we could handle this easily without allowing
line breaks.

Otherwise I really like the idea of splitting into internal and public notes as
this would allow for more flexible use. Right now if you use the note publicly,
you don't have any way to make internal notes and this could easily go wrong.

Should we reset status here to "In discussion"?

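The two options discussed in this thread, escaping patron-entered notes on output while still honouring line breaks, and keeping a separate staff-only note that patron input can never reach, as an added illustration that is not Koha's code and not attached to this bug. The `HoldNotes` class, the `public_note`/`private_note` names, the `render_patron_note` helper and the sample note are assumptions made for the example.

```python
import html
import re
from dataclasses import dataclass


def render_patron_note(note: str) -> str:
    """Render untrusted patron text for an HTML page.

    The text is HTML-escaped first (so no tag or attribute survives), and only
    then are line breaks converted to <br>. This gives the "line breaks without
    allowing HTML" behaviour suggested in the thread.
    """
    escaped = html.escape(note, quote=True)
    # Normalise CRLF / CR / LF before converting, so Windows clients behave the same.
    lines = re.split(r"\r\n|\r|\n", escaped)
    return "<br>".join(lines)


@dataclass
class HoldNotes:
    """Hypothetical split of one note field into a public and a private part."""
    public_note: str = ""   # written by patrons or staff, always rendered escaped
    private_note: str = ""  # written and read by staff only

    def public_html(self) -> str:
        # Public side: never trust the stored text, escape at render time.
        return render_patron_note(self.public_note)

    def staff_html(self) -> str:
        # Private side is left unfiltered, as proposed in the thread. That is
        # only safe because the write path below never lets a patron reach it.
        return self.private_note


def apply_note_update(notes: HoldNotes, actor: str, text: str) -> HoldNotes:
    """Route a note update by who submitted it.

    Patron submissions can only ever land in public_note; the private note is
    reachable from the staff interface alone. This is the trust boundary the
    split relies on.
    """
    if actor == "patron":
        notes.public_note = text
    elif actor == "staff":
        notes.private_note = text
    else:
        raise ValueError(f"unknown actor: {actor!r}")
    return notes


if __name__ == "__main__":
    # Constructed sample: a patron note with line breaks and a stray tag.
    sample = "Please hold at the front desk.\r\n<b>Thanks!</b>"
    notes = apply_note_update(HoldNotes(), "patron", sample)
    print(notes.public_html())
    # Please hold at the front desk.<br>&lt;b&gt;Thanks!&lt;/b&gt;
```

Escaping at render time rather than on entry means an existing database full of raw notes is covered without a migration, and a note that was stored before the filter existed is still rendered safely.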
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
