From 39c42f6a2c757dc6ad67b2d202f9753d23f3945d Mon Sep 17 00:00:00 2001 From: Wainui Witika-Park Date: Mon, 21 Feb 2022 04:58:03 +0000 Subject: [PATCH] Revert "Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt" This reverts commit 711848f856ebf0215055184a6dd8afa3bd7f688f. --- .../intranet-tmpl/prog/en/modules/authorities/authorities.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt index edea5c4648..29b373dd35 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/authorities.tt @@ -69,7 +69,7 @@ function AreMandatoriesNotOk(){ [% FOREACH subfield_loo IN innerloo.subfield_loop %] [% IF ( subfield_loo.mandatory ) %]mandatories.push("[% subfield_loo.id | html %]"); tab.push("[% BIG_LOO.number | html %]"); - label.push("[% To.json(subfield_loo.marc_lib) | html %]"); + label.push("[% subfield_loo.marc_lib | $raw |replace("'", "\'") |replace('"', '\"') |replace('\n', '\\n') |replace('\r', '\\r') %]"); [% END %] [% END %] [% END %] -- 2.39.5