https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37654
Bug ID: 37654
Summary: Batch record import needs to HTML-escape the Citation
column
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P3
Component: Tools
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Created attachment 170412
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170412&action=edit
Sample record for HTML escaping
After you stage a batch of records for import, they are displayed with a
Citation column which contains the title and author. Those need to be
HTML-escaped, both so that things like < will display correctly and so that
your compromised vendor won't deliver a batch of XSS to you.
Steps to reproduce:
1. Download the attached "Sample record for HTML escaping"
2. Cataloging - Stage records for import - Select the downloaded file - Upload
file - Stage for import
3. When the background job completes, View batch - get an alert() from the bib
title, note that the author name "Person" is a link.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
