https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080
--- Comment #3 from Eric Phetteplace <[email protected]> --- OK I added my patch and testing plan just to clarify but I leave this at status NEW until I can get some feedback. I also asked in Mattermost. For testing, you can use this as your "malicious.svg" file: <svg version="1.1" xmlns="http://www.w3.org/2000/svg"; viewBox="0 0 400 400"> <title>malicious</title> <text x="200" y="200" text-anchor="middle" font-size="20" fill="black"> This SVG contains a script tag which prints "hello" to the console </text> <script>console.log("hello")</script> </svg> -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
