Jonathan Druart
1d0d5f1398
There are certainly hundreds of places where they are not escaped...

Test plan: Create a patron with "Arun <script>alert('code injection');</script>" in some of the fields.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

| Name |
|---|
| .. |
| intranet-tmpl |
| opac-tmpl |
| favicon.ico |
| index.html |
| intranet.html |
| opac.html |