https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27546
--- Comment #23 from David Cook <[email protected]> ---

(In reply to Fridolin Somers from comment #22)

> + window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+$("#refiner").val();
>
> Arf we must URI-escape $("#refiner").val() no?

100% needs an escape_str() there to prevent XSS.

Great catch, Frido!

-- 
You are receiving this mail because:
You are watching all bug changes.
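The following is an added example, not code from Koha or from either commenter: it rebuilds the search URL from the quoted line once as written (refiner value concatenated raw) and once with the browser's built-in encodeURIComponent() applied to the refiner value, then parses each href the way a CGI script would see it. It uses encodeURIComponent rather than whatever helper the patch ends up using, and the query_cgi/limit_cgi/sort_cgi fragments, the "su:" index prefix and the refiner inputs are all constructed stand-ins. Beyond the escaping question itself, it shows the two concrete things an unescaped value does to the query string: an `&` in the typed text smuggles extra parameters into search.pl, and a `#` turns the rest of the query into a fragment that the server never receives.

```javascript
// Added example (not Koha's code): the refiner URL from bug 27546, built
// without and with URI-encoding of the user-typed value, then parsed the
// way search.pl would parse it so the difference is visible.

// Stand-ins for the [% query_cgi %], [% limit_cgi %] and [% sort_cgi %]
// values the template renders server-side. Constructed for this example.
const QUERY_CGI = "idx=kw&q=history";
const LIMIT_CGI = "limit=itype:BK";
const SORT_CGI = "sort_by=relevance";
const SEARCH_PL = "/cgi-bin/koha/catalogue/search.pl";

// Same shape as the quoted line: the refiner value goes into the query
// string as-is. `index` stands for the prefix the page prepends ("su:" is an
// assumed value) and `refinerValue` for $("#refiner").val().
function buildSearchUrlUnsafe(index, refinerValue) {
  return SEARCH_PL + "?" + QUERY_CGI + "&" + LIMIT_CGI + "&" + SORT_CGI +
    "&limit=" + index + refinerValue;
}

// Hardened form: only the user-typed part is encoded; the server-rendered
// fragments and the trusted prefix are left alone.
function buildSearchUrlSafe(index, refinerValue) {
  return SEARCH_PL + "?" + QUERY_CGI + "&" + LIMIT_CGI + "&" + SORT_CGI +
    "&limit=" + index + encodeURIComponent(refinerValue);
}

// Parse the href the way the server would see it: repeated `limit`
// parameters are collected in order, and anything after '#' is a fragment
// that the browser keeps to itself. The base origin is only there to satisfy
// the WHATWG URL parser for a relative href (assumed, not a real host).
function parseSearchUrl(href) {
  const u = new URL(href, "https://staff.example");
  return {
    limits: u.searchParams.getAll("limit"),
    fragment: u.hash,
  };
}

// Constructed inputs: a normal term, one that smuggles a second `limit`, and
// one whose '#' would truncate the query string.
const REFINER_INPUTS = {
  plain: "bread",
  smuggle: "bread&limit=itype:CF",
  truncate: "bread#cut",
};

// Build and parse both variants for one refiner value.
function compare(refinerValue) {
  return {
    unsafe: parseSearchUrl(buildSearchUrlUnsafe("su:", refinerValue)),
    safe: parseSearchUrl(buildSearchUrlSafe("su:", refinerValue)),
  };
}

for (const [name, value] of Object.entries(REFINER_INPUTS)) {
  console.log(name, JSON.stringify(compare(value)));
}
```

With the smuggling input the unencoded URL yields three `limit` values (the template's itype:BK, the intended su:bread, and the injected itype:CF), whereas the encoded URL yields the original itype:BK plus one literal value "su:bread&limit=itype:CF". With the '#' input the unencoded URL silently drops "cut" into the fragment; the encoded one sends the whole term. Note that encoding only the refiner value, as the thread proposes, leaves `index` and the template fragments as trusted server-side data; if `index` could ever carry user input it would need the same treatment.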
