From 081fbd24661c6ff427726fdbf2d1e84527b5e2a6 Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Tue, 11 Aug 2020 15:05:59 +0000 Subject: [PATCH] Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt To test, edit a patron record and go through the process of adding a guarantor. In the guarantor search results table the address should be displayed correctly. Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer Signed-off-by: Fridolin Somers --- .../prog/en/modules/members/tables/guarantor_search.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt index 38ec5aa9e0..fd55506c11 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/tables/guarantor_search.tt @@ -32,5 +32,5 @@ [%~ IF data.zipcode %][% SET address = address _ data.zipcode _ ' ' %][% END %] [%~ IF data.country %][% SET address = address _ data.country _ ' ' %][% END %] [%~ SET address = address _ Branches.GetName( data.branchcode ) %] -[%~ To.json( address ) | $raw ~%] +[%~ address | html | $To ~%] [% END %] -- 2.39.5