]> git.koha-community.org Git - koha.git/commit
Bug 33144: Unescape text from authority lookup for advanced editor
authorPhil Ringnalda <phil@chetcolibrary.org>
Mon, 6 Mar 2023 05:24:56 +0000 (21:24 -0800)
committerArthur Suzuki <arthur.suzuki@biblibre.com>
Thu, 20 Apr 2023 09:15:45 +0000 (11:15 +0200)
commit3918909d6425bb3070f8c8a709619457854fafce
tree7c2d0cf8732b1c9037392487f94730fc1f1a9136
parentc0435b905659cfd84d5436b1153f9b55025ca906
Bug 33144: Unescape text from authority lookup for advanced editor

While the basic editor is happy with an array of subfields it can
stuff into separate fields, the advanced editor needs to get a JS
string back from the authority lookup plugin, because it is going
to just add the whole thing as text. The string has to be HTML
entity encoded, both to not allow XSS and just to not break the
window, but it needs to then be unencoded before being inserted
into the editor.

Test plan:
1. Set the system preference EnableAdvancedCatalogingEditor to
   Enable
2. Edit any Topical Term authority, and at the end of tag 150
   subfield a, add & </script>
3. Cataloging - Advanced editor
4. Press return in the editor to get a new blank line, type 650
   and press tab three times, then type Ctrl-Shift-L
5. Search for your modified authority, and click Choose
6. Verify that the tiny popup opened by the search window finished
   its job and closed itself
7. Verify that your 650 now shows as "‡aAbduction &
   </script>‡vDrama" rather than "‡aAbduction  &amp;
   &lt;/script&gt;‡vDrama."

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e171d5fdd319ec9d955992c9340bb9a1530e3aaf)
Signed-off-by: Jacob O'Mara <jacob.omara@ptfs-europe.com>
(cherry picked from commit 2f1d407d4e45f54d7ebb53aa08a0e223ba423bf2)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 738d97e59de27e86369c552a1ee56cc22b652136)
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/authorities/blinddetail-biblio-search.tt