http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11322
--- Comment #3 from Chris Cormack <[email protected]> ---
Created attachment 23241
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23241&action=edit
Bug 11322 : XSS in suggestions

To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every field
3/ In the staff interface go to the suggestions page
   /cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page also
6/ Apply the patch, check these two pages again, html should now be escaped
