Koha/koha-tmpl/intranet-tmpl/prog/en/modules/reviews
Galen Charlton 60983cfeee kohabug 2026 - HTML-escape comments
This is a partial, perhaps temporary fix.  "<", ">",
and "&" characters in patron comments (AKA reviews)
are converted to "&lt;", "&gt;", and "&amp;" to avoid
certain attacks, e.g., a user entering a <script> tag
in a comment.

A more permanent fix should scrub all (or perhaps just
unsafe) tags from submitted comments entirely.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-30 21:59:01 -05:00
reviewswaiting.tmpl kohabug 2026 - HTML-escape comments 2008-04-30 21:59:01 -05:00