From dbc4f4df25ef286dff5403be5c6be19561d018c3 Mon Sep 17 00:00:00 2001
From: Wainui Witika-Park
Date: Mon, 21 Feb 2022 04:57:56 +0000
Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt"

This reverts commit 9179e5b707673d8c9b16f842dc3abffede36b1be.
---
 .../modules/authorities/blinddetail-biblio-search.tt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt
index f30bba6ba6..6822225ea9 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt
@@ -30,12 +30,12 @@
 var new_line = "";
 [% ELSE %]
 var new_line = "
- [%- FOREACH SUBFIELD_LOO IN SUBFIELD_LOOP -%]‡
- [%- To.json( SUBFIELD_LOO.marc_subfield ) | html -%]
- [%- FOREACH marc_value IN SUBFIELD_LOO.marc_values -%]
- [%- To.json( marc_value ) | html -%]
- [%- END -%]
- [%- END -%]‡9[% authid | html %]";
+ [%- FOREACH SUBFIELD_LOO IN SUBFIELD_LOOP -%]‡
+ [%- SUBFIELD_LOO.marc_subfield |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r ') | html -%]
+ [%- FOREACH marc_value IN SUBFIELD_LOO.marc_values -%]
+ [%- marc_value |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html -%]
+ [%- END -%]
+ [%- END -%]‡9[% authid | html %]";
 [% END %]
 RancorReplaceField( new_line, "[% indicator1 | html %]", "[% indicator2 | html %]" );
 [% ELSE %]
--
2.39.5
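Review bot: The reinstated escape chain on the `SUBFIELD_LOO.marc_subfield` line maps a carriage return to `'\\r '` with a trailing space, whereas the `marc_value` line below it uses `'\\r'`; that stray space ends up inside the JavaScript string handed to `RancorReplaceField`, so the first chain should read `|replace('\r', '\\r')` like the second. Neither chain doubles a backslash that is already present in the data, so a value ending in `\` becomes a dangling escape in the generated literal; a leading backslash replacement in both chains (with Template Toolkit's own handling of `\\` inside quoted arguments checked carefully) would close that gap. Because the message gives no reason for dropping `To.json`, a one-line comment above `var new_line` stating why the hand-rolled chain is preferred would keep the next reader from treating this as an accidental regression of the Bug 26102 XSS fix. The `<script>` block that contains `new_line` begins and ends outside the hunk.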