[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2019-11-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Jonathan Druart changed: What|Removed |Added See Also|https://bugs.koha-community |

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Chris Cormack changed: What|Removed |Added CC|

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Marc Véron changed: What|Removed |Added CC||ve...@veron.ch

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #8 from Robin Sheat --- It will be a long and annoying process, but if done right then it'll be very hard for someone to introduce a new vulnerability by accident.

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Jonathan Druart changed: What|Removed |Added Attachment #66045|0

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #7 from Jonathan Druart --- Hi Robin, Thanks for your input! I have to admit that I should have explained what I have in mind a bit more. At the moment we are facing a lot of XSS

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Amit Gupta changed: What|Removed |Added CC|

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #6 from Robin Sheat --- You can't process the data on the way in. You will end up with corrupt data: * in the database * output via APIs * in the web display whenever you're doing anything that

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #5 from Jonathan Druart --- (In reply to Marcel de Rooy from comment #3) > Or only pragmatically remove .. constructions from > parameters now with Koha::CGI? It is not only

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #4 from Jonathan Druart --- (In reply to Katrin Fischer from comment #2) > Ok, not totally sure if I understand this approach right, but I talked some > to Robin this morning

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #3 from Marcel de Rooy --- Or only pragmatically remove .. constructions from parameters now with Koha::CGI?

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #2 from Katrin Fischer --- Ok, not totally sure if I understand this approach right, but I talked some to Robin this morning while I was working on the XSS patches and from what I understand

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Katrin Fischer changed: What|Removed |Added CC|

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 Jonathan Druart changed: What|Removed |Added Status|ASSIGNED

[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis

2017-08-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121 --- Comment #1 from Jonathan Druart --- Created attachment 66045 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66045=edit Bug 19121: [PoC] Prevent XSS - Escape variables