https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26777
--- Comment #65 from David Cook <[email protected]> --- I wanted to thoroughly test this but ran out of time chasing a different bug... Just wanted to point out that you almost never want to use innerHTML() for setting a value. It's a good way to accidentally introduce a XSS vulnerability. Look at OWASP documents for preventing Cross-Site Scripting (XSS). In this case, I think that you're mostly, as it seems unlikely someone could slip XSS in through the SVG. I'm more worried about the error message, which appears to be broken anyway... -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
