Koha/koha-tmpl
Chris Cormack 5bdf4601df Bug 13425 - XSS in opac facets - Patch for master and 3.18
To Test
1/ Craft a URL like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123

It is important that it returns results and facets.

2/ Notice that the JS is executed.
3/ Apply the patch and test again.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Popup is gone after applying the patch. Facet link still shows it but does not execute. It's gone after clicking the link.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-11 12:10:32 -03:00
intranet-tmpl Bug 12123 - [Alternative patch] HTML notices can break the notice viewer 2014-12-03 11:51:56 -03:00
opac-tmpl Bug 13425 - XSS in opac facets - Patch for master and 3.18 2014-12-11 12:10:32 -03:00
favicon.ico
index.html
intranet.html
opac.html
templates.readme