Bug 36382: XSS in showLastPatron dropdown
author Kyle M Hall <kyle@bywatersolutions.com>
Thu, 21 Mar 2024 13:30:26 +0000 (09:30 -0400)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Wed, 24 Apr 2024 05:36:20 +0000 (07:36 +0200)
commit a9a2b686193d08f469912009d45acb300844a4df
tree 32eea6a6a488a334901b24c88f16c148d1e44d8f
parent eac751072ef54686faea8f4f34b5a58e6256faff
Bug 36382: XSS in showLastPatron dropdown

1) Set borrower surname to:
    <script>alert("here comes trouble");</script>
2) Save, nothing happens
3) Enable showLastPatron
4) Reload patron
5) Note the alert popup
6) Apply this patch
7) Reload patron
8) No alert!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
koha-tmpl/intranet-tmpl/prog/js/staff-global.js
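
Added example (not part of this commit or of Koha's code): the class of bug the test plan above exercises, a stored patron name concatenated into dropdown markup by client-side script, shown next to an escaped version. The function names, the patron object fields and the URL path are assumptions for illustration; the surname is the one from step 1.

```javascript
// Illustrative only: every name here is hypothetical, not taken from staff-global.js.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored patron fields are concatenated into markup as-is.
function lastPatronLinkUnsafe(patron) {
  return '<a class="dropdown-item" href="/patron?id=' + patron.borrowernumber + '">' +
    patron.surname + ", " + patron.firstname + " (" + patron.cardnumber + ")</a>";
}

// Hardened pattern: escape the label for HTML text, encode the id for the URL.
function lastPatronLinkSafe(patron) {
  const id = encodeURIComponent(patron.borrowernumber);
  const label = `${patron.surname}, ${patron.firstname} (${patron.cardnumber})`;
  return `<a class="dropdown-item" href="/patron?id=${id}">${escapeHtml(label)}</a>`;
}

// Regression check: the rendered entry must contain exactly one opening
// and one closing tag (the anchor). Anything more came from patron data.
function containsInjectedTag(markup) {
  const tags = markup.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.length !== 2;
}

// Constructed sample record using the surname from step 1 of the test plan.
const SAMPLE_PATRON = {
  borrowernumber: 42,
  surname: '<script>alert("here comes trouble");</script>',
  firstname: "Test",
  cardnumber: "0001",
};

console.log("unsafe:", containsInjectedTag(lastPatronLinkUnsafe(SAMPLE_PATRON)));
console.log("safe:  ", containsInjectedTag(lastPatronLinkSafe(SAMPLE_PATRON)));
```

Where the page has a DOM available, assigning the label through `textContent` (or jQuery's `.text()`) achieves the same result without hand-rolled escaping.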