From 726d3e180830493270d6c2d1c45bbd7cf363a1c8 Mon Sep 17 00:00:00 2001
From: Wainui Witika-Park
Date: Mon, 21 Feb 2022 04:58:10 +0000
Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt"

This reverts commit f2063ecd9ff72537408c30516a4e0a8651f6c5d2.
---
 koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
index 814af9ea85..38ecd63e1c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
@@ -200,7 +200,7 @@
 });
 // This is here because of its dependence on template variables, everything else should go in js/pages/preferences.js - jpw
- var to_highlight = "[% To.json( searchfield ) | html %]";
+ var to_highlight = "[% searchfield |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 var search_jumped = [% IF ( search_jumped ) %]true[% ELSE %]false[% END %];
 var MSG_NOTHING_TO_SAVE = _("Nothing to save");
 var MSG_SAVING = _("Saving...");
-- 
2.39.5
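Review bot: The restored `to_highlight` line goes back to a hand-written `replace` chain that covers quotes, `\n` and `\r` but not the backslash itself, so keeping `searchfield` inside the JavaScript string literal depends entirely on the trailing `| html` filter. A value ending in a backslash would still consume the closing quote and break the script, which the JSON encoding in the reverted `To.json( searchfield )` form would presumably have prevented. The commit message gives no reason for backing out the Bug 26102 hardening; it should name the regression. The line also deserves a comment such as `// searchfield is presumably request-supplied; escaping here relies on the html filter, see Bug 26102`. If the revert has to stay, a backslash replacement should run as the first step of the chain; the script block this line sits in starts and ends outside the hunk.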