Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard 2020-08-11 12:31:26 +00:00 committed by Fridolin Somers
parent 04dd54c611
commit 97bcf926da


@ -280,7 +280,7 @@
});
});
// This is here because of its dependence on template variables, everything else should go in js/pages/preferences.js - jpw
var to_highlight = "[% To.json( searchfield ) | $raw %]";
var to_highlight = "[% To.json( searchfield ) | html %]";
var search_jumped = [% IF ( search_jumped ) %]true[% ELSE %]false[% END %];
</script>
[% Asset.js("lib/jquery/plugins/humanmsg.js") | $raw %]
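Review bot: The `| html` filter on the new `to_highlight` line escapes for an HTML text/attribute context, but the value is emitted inside a JavaScript string literal within `<script>`, where the browser does not decode entities; a search term containing `"`, `&`, `<` or `>` will therefore be highlighted as its entity-encoded form (e.g. `&amp;`) rather than the term the user typed. The change does close the breakout vectors, since `"` and `</script>` can no longer appear literally in the output, so the XSS fix itself holds, but the escaping should match the sink it feeds. If To.json already returns a JSON-encoded string with its own quoting and backslash escapes, the conventional safe form for a script sink is to emit that value unwrapped (no surrounding `"..."`) with `<`, `>` and `/` JSON-escaped so no HTML breakout is possible — this depends on the plugin's exact output and should be confirmed before relying on it. The enclosing `<script>` block and the handlers closed on the first two lines of the hunk start outside the hunk.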