Koha/koha-tmpl/intranet-tmpl/prog
Jonathan Druart 146f7314cf Bug 27942: Prevent XSS vulnerabilities in quote-upload
When uploading new quotes the JS variables are not escaped correctly.

Test plan:
Create a new file with the following content (remove the first and last lines containing """):
"""
":this is a source","this is a text"
"this is another ❤one","and another text❤"
"this <script>alert('foo');</script>","and <script>alert('❤');</script>"
"""

Go to Home › Tools › Quote editor
Click Import quote
Select the file
Edit the third line, hit enter
Import quotes

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 09:26:56 +02:00
css Bug 28187: Compiled CSS 2021-05-19 15:06:42 +02:00
en Bug 27942: Prevent XSS vulnerabilities in quote-upload 2021-05-26 09:26:56 +02:00
img
js Bug 28351: (bug 26261) Fix datepicker for dateformat ne mm/dd/yyyy 2021-05-19 14:45:36 +02:00
pdf
sound