Bug 16800: Fix XSS in catalogue/*detail.tt - title
Test plan:
catalogue a bibliographic record with a title=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This of course means that any html in the title will no longer be
evaluated. :
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit
515208d5ec308ade967efe04388bbedbf5f2b057)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>