From 4412cfe0273db1daee43869f37b93dc6e18c6b25 Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Tue, 11 Aug 2020 12:34:18 +0000 Subject: [PATCH] Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt Check that mandatory tags and subfields are correctly required when editing an authority record. Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer Signed-off-by: Andrew Fuerste-Henry --- .../intranet-tmpl/prog/en/modules/authorities/authorities.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt index 56e38dbddc..e9bcf3f8cb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt @@ -79,7 +79,7 @@ function AreMandatoriesNotOk(){ [% FOREACH subfield_loo IN innerloo.subfield_loop %] [% IF ( subfield_loo.mandatory ) %]mandatories.push("[% subfield_loo.id | html %]"); tab.push("[% BIG_LOO.number | html %]"); - label.push("[% To.json(subfield_loo.marc_lib) | $raw %]"); + label.push("[% To.json(subfield_loo.marc_lib) | html %]"); [% END %] [% END %] [% END %] -- 2.39.5