https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36805
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #5 from David Cook <[email protected]> --- I noticed someone in bug 37573 using OPACSearchForTitleIn to inject <script> tags, which seems quite suboptimal to me. Sure, if you have access to update OPACSearchForTitleIn you'd also have access to OpacUserJS, so it's not a security vulnerability at this stage, but... as Owen says... I think separating functionality here is a good idea. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
