To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add text in the fields address, address2, city, state, country,
zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
[% SET roadtype_desc = AuthorisedValues.GetByCode('ROADTYPE', streettype) %]
[% END %]
<liclass="patronaddress1">[% if (streetnumber) %][% streetnumber %][% end %] [% address %] [% IF roadtype_desc %][% roadtype_desc %] [% END %][% end %]</li>
<liclass="patronaddress1">[% if (streetnumber) %][% streetnumber |html %][% end %] [% address |html %] [% IF roadtype_desc %][% roadtype_desc |html %] [% END %][% end %]</li>
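Review bot: The changed patronaddress1 line escapes only streetnumber, address and roadtype_desc, while the test plan also names address2, city, state, country and zipcode as injectable. Please confirm each of those is output with `|html` wherever this template prints it, or add the filter in this patch, so that the fix covers every field listed in the test plan. As a style point on the same line, `[% if %]` / `[% end %]` are lower case while the nested `[% IF roadtype_desc %]` / `[% END %]` are upper case; one consistent case would make the nesting easier to audit.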
[% SET roadtype_desc = AuthorisedValues.GetByCode('ROADTYPE', B_streettype) %]
[% END %]
<liclass="patronaddress1">[% if (B_streetnumber) %][% B_streetnumber %][% end %] [% B_address %] [% IF roadtype_desc %][% roadtype_desc %] [% END %][% end %]</li>
<liclass="patronaddress1">[% if (B_streetnumber) %][% B_streetnumber |html %][% end %] [% B_address |html %] [% IF roadtype_desc %][% roadtype_desc |html %] [% END %][% end %]</li>
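Review bot: On the alternate-address line, `|html` is applied to B_streetnumber, B_address and roadtype_desc, but the test plan also lists B_city, B_country and B_zipcode, none of which appear in this hunk; they need the same filter wherever they are printed. Separately, roadtype_desc is the same variable that the primary address block sets: if the `SET` above this line sits inside a conditional (the `[% END %]` that follows suggests it does) and B_streettype is empty, the value from the primary address would still be set and be shown here. Resetting it or using a distinct variable name for the B_ block would avoid that.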