5bdf4601df
To Test
1/ Craft a url like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
It is important it must return results and facets
2/ Notice the js is executed
3/ Apply the patch test again
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Popup is gone after applying the patch. Facet link still shows it but does not execute. It's gone after clicking the link.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
|
||
|---|---|---|
| .. | ||
| search | ||
| authorities-search-results.inc | ||
| bodytag.inc | ||
| calendar.inc | ||
| datatables.inc | ||
| date-format.inc | ||
| doc-head-close.inc | ||
| doc-head-open.inc | ||
| item-status-schema-org.inc | ||
| item-status.inc | ||
| masthead-sco.inc | ||
| masthead.inc | ||
| navigation.inc | ||
| opac-authorities.inc | ||
| opac-bottom.inc | ||
| opac-detail-sidebar.inc | ||
| opac-facets.inc | ||
| opac-topissues.inc | ||
| page-numbers.inc | ||
| patron-title.inc | ||
| resort_form.inc | ||
| shelfbrowser.inc | ||
| subtypes_unimarc.inc | ||
| usermenu.inc | ||