From 93ff5a2b3e5f0394d37af787184622cfc59ba481 Mon Sep 17 00:00:00 2001
From: Wainui Witika-Park
Date: Mon, 21 Feb 2022 04:57:23 +0000
Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt"

This reverts commit 155aa985a83f47c1c565002303cd4b3eb8b00483.
---
 .../value_builder/unimarc_field_4XX.tt | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/unimarc_field_4XX.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/unimarc_field_4XX.tt
index 8add060a74..2268a0953c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/unimarc_field_4XX.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/unimarc_field_4XX.tt
@@ -167,55 +167,55 @@
 var subfield = subfields[i+1];
 if(code.value == '9'){
- subfield.value = "[% To.json( subfield_value_9 ) | html %]";
+ subfield.value = "[% subfield_value_9 |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == '0'){
- subfield.value = "[% To.json( subfield_value_0 ) | html %]";
+ subfield.value = "[% subfield_value_0 |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'a'){
- subfield.value = "[% To.json( subfield_value_a ) | html %]";
+ subfield.value = "[% subfield_value_a |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'c'){
- subfield.value = "[% To.json( subfield_value_c ) | html %]";
+ subfield.value = "[% subfield_value_c |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'd'){
- subfield.value = "[% To.json( subfield_value_d ) | html %]";
+ subfield.value = "[% subfield_value_d |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'e'){
- subfield.value = "[% To.json( subfield_value_e ) | html %]";
+ subfield.value = "[% subfield_value_e |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'h'){
- subfield.value = "[% To.json( subfield_value_h ) | html %]";
+ subfield.value = "[% subfield_value_h |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'i'){
- subfield.value = "[% To.json( subfield_value_i ) | html %]";
+ subfield.value = "[% subfield_value_i |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'l'){
- subfield.value = "[% To.json( subfield_value_l ) | html %]";
+ subfield.value = "[% subfield_value_l |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'n'){
- subfield.value = "[% To.json( subfield_value_n ) | html %]";
+ subfield.value = "[% subfield_value_n |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'o'){
- subfield.value = "[% To.json( subfield_value_o ) | html %]";
+ subfield.value = "[% subfield_value_o |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'p'){
- subfield.value = "[% To.json( subfield_value_p ) | html %]";
+ subfield.value = "[% subfield_value_p |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 't'){
- subfield.value = "[% To.json( subfield_value_t ) | html %]";
+ subfield.value = "[% subfield_value_t |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'u'){
- subfield.value = "[% To.json( subfield_value_u ) | html %]";
+ subfield.value = "[% subfield_value_u |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'v'){
- subfield.value = "[% To.json( subfield_value_v ) | html %]";
+ subfield.value = "[% subfield_value_v |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'x'){
- subfield.value = "[% To.json( subfield_value_x ) | html %]";
+ subfield.value = "[% subfield_value_x |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 if(code.value == 'y'){
- subfield.value = "[% To.json( subfield_value_y ) | html %]";
+ subfield.value = "[% subfield_value_y |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]";
 }
 }
 }
-- 
2.39.5
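Review bot: The restored escaping chain on every `+` line in this hunk never escapes the backslash itself, so a subfield value ending in `\` still escapes the closing quote of the generated JS string literal, and the `replace` sequence is not a complete JS string-literal encoder — presumably the reason the reverted commit had switched to `To.json`. If the revert must stand, each chain should begin with a backslash replacement ahead of the quote replacements, e.g. `[% subfield_value_9 |replace('\\\\', '\\\\') |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') | html %]` (doubled so the regex receives `\\`, assuming single-quoted TT literals behave as the existing `'\\n'` argument does), and the same applies to all seventeen branches here. Whether TT's double-quoted `"\'"` yields `\'` rather than a bare `'` should also be confirmed, since the whole chain relies on it. The commit message gives no reason for reverting a security fix, so the regression that motivated it should be recorded in the description. The loop or function enclosing these branches starts before the hunk.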