[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Joy Nelson changed: What|Removed |Added CC||j...@bywatersolutions.com Status|In Discussion |RESOLVED Resolution|--- |WONTFIX --- Comment #8 from Joy Nelson --- see bz 25468 for new approach to solving the problem -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Katrin Fischer changed: What|Removed |Added Status|Signed Off |In Discussion --- Comment #7 from Katrin Fischer --- Moving this to discussion for now. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Katrin Fischer changed: What|Removed |Added CC||katrin.fisc...@bsz-bw.de --- Comment #6 from Katrin Fischer --- (In reply to Nick Clemens from comment #5) > This has one caveat - patrons can enter these notes, not just staff, so this > would open possibility of XSS attack > > Talking internally we think we could filter the patron note on entry > > Alternatively, we can split the note into a public_note and private_note - > filter the public and display it to patrons, but don't filter the > private_note and keep it only for staff Do we know more about the use case for this? If it's about handling line breaks like in the example from Jessica we could handle this easily without allowing line breaks. Otherwise I really like the idea of splitting into internal and public notes as this would allow for more flexible use. Right now if you use the note publicly, you don't have any way to make internal notes and this could easily go wrong. Should we reset status here to "In discussion"? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Nick Clemens changed: What|Removed |Added CC||n...@bywatersolutions.com --- Comment #5 from Nick Clemens --- This has one caveat - patrons can enter these notes, not just staff, so this would open possibility of XSS attack Talking internally we think we could filter the patron note on entry Alternatively, we can split the note into a public_note and private_note - filter the public and display it to patrons, but don't filter the private_note and keep it only for staff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Frédérik Chénier changed: What|Removed |Added Attachment #91658|0 |1 is obsolete|| --- Comment #4 from Frédérik Chénier --- Created attachment 91661 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=91661=edit Bug 23341: Hold Notes should allow for HTML tags Signed-off-by: Jessica Ofsa Signed-off-by: frederik chenier -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Jessica Ofsa changed: What|Removed |Added CC||jo...@vt.edu --- Comment #3 from Jessica Ofsa --- HTML tested: TN 149 Title: Call Number: BF721 .P8 V. 58 Year: 20030101 V. 58 Issue/Part: pg. 35- Article Title: Margo and me. Gender as a cause and solution to unmet needs. Article Author: Knight, Rona, Resulting hold note: TN 149 Title: Call Number: BF721 .P8 V. 58 Year: 20030101 V. 58 Issue/Part: pg. 35- Article Title: Margo and me. Gender as a cause and solution to unmet needs. Article Author: Knight, Rona, -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Lucas Gass changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 ByWater Sandboxes changed: What|Removed |Added Attachment #91609|0 |1 is obsolete|| --- Comment #2 from ByWater Sandboxes --- Created attachment 91658 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=91658=edit Bug 23341: Hold Notes should allow for HTML tags Signed-off-by: Jessica Ofsa -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Lucas Gass changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 --- Comment #1 from Lucas Gass --- Created attachment 91609 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=91609=edit Bug 23341: Hold Notes should allow for HTML tags TEST PLAN: 1. place a hold 2. make sure you add a note that includes HTML like "yolo" 3. notice that HTML displays literally 4. apply patch 5. Now the note field should render the HTML -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Lucas Gass changed: What|Removed |Added Version|18.11 |master -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Kelly changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |lu...@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23341] Hold Notes should allow for HTML tags
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23341 Kelly changed: What|Removed |Added CC||jza...@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
