LP1757526 Escape displayed catalogue data
author    Dan Scott <dscott@laurentian.ca>
          Wed, 21 Mar 2018 21:08:35 +0000 (22:08 +0100)
committer Galen Charlton <gmc@equinoxinitiative.org>
          Wed, 28 Mar 2018 14:34:36 +0000 (10:34 -0400)
commit    70750f721dcaba24d09cba8a41da35e6964e122b
tree      e5d1980948aec411480b8b7104b278e5aab1cd39
parent    1e507ee0a853a26d4482444d37c040b9d73022ef
LP1757526 Escape displayed catalogue data

Content in content fields (5xx), as well as the names of locations in copy
count alt text, was not being properly escaped, allowing for the possibility of
executing arbitrary JavaScript in the case of a malicious catalogue record
(whether edited in the system, or imported).

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
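The two output contexts this commit fixes (field content rendered as element text, and a location name rendered inside an alt attribute) need slightly different escaping, and a check that catches both is worth having in a test suite. The following is an added illustration in Python, not code from Evergreen or from this commit: the Template Toolkit templates named above are not reproduced here, the `render_*` functions, the sample note and the sample location name are all constructed for the example, and the parser-based check is a generic way to confirm that escaped output contains only the tags and attribute names the template itself emits.

```python
import html
from html.parser import HTMLParser

# Constructed sample values standing in for a malicious 5xx note and a
# malicious shelving location name (not real catalogue data).
SAMPLE_NOTE = "Summary <script>alert(1)</script>"
SAMPLE_LOCATION = 'Stacks" onerror="alert(1)'


def render_note_unescaped(note: str) -> str:
    # The risky pattern: raw field content interpolated into markup.
    return f"<li>{note}</li>"


def render_note(note: str) -> str:
    # Element text context: escaping &, < and > is enough to neutralise tags.
    return f"<li>{html.escape(note, quote=False)}</li>"


def render_copy_count_alt_unescaped(location: str, count: int) -> str:
    # The risky pattern in an attribute: a double quote in the value closes
    # the attribute and lets further attributes be appended.
    return f'<img src="copies.png" alt="{count} copies at {location}">'


def render_copy_count_alt(location: str, count: int) -> str:
    # Attribute context: quotes must be escaped too (html.escape does so by
    # default, turning " into &quot;).
    return f'<img src="copies.png" alt="{count} copies at {html.escape(location)}">'


class TagCollector(HTMLParser):
    """Record every start tag and attribute name the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def injected_markup(rendered: str, expected_tags: set, expected_attrs: set) -> bool:
    """True if the rendered fragment parses into any tag or attribute name
    beyond the ones the template itself is known to emit."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    extra_tags = set(collector.tags) - expected_tags
    extra_attrs = set(collector.attrs) - expected_attrs
    return bool(extra_tags or extra_attrs)


if __name__ == "__main__":
    for label, fragment, tags, attrs in [
        ("note, unescaped", render_note_unescaped(SAMPLE_NOTE), {"li"}, set()),
        ("note, escaped", render_note(SAMPLE_NOTE), {"li"}, set()),
        ("alt, unescaped", render_copy_count_alt_unescaped(SAMPLE_LOCATION, 3), {"img"}, {"src", "alt"}),
        ("alt, escaped", render_copy_count_alt(SAMPLE_LOCATION, 3), {"img"}, {"src", "alt"}),
    ]:
        status = "INJECTED" if injected_markup(fragment, tags, attrs) else "inert"
        print(f"{label:16} {status:9} {fragment}")
```

The check deliberately parses the rendered fragment rather than searching for `<script`: the attribute case contains no new tag at all, only an extra `onerror` attribute, which is exactly what a substring match would miss.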
Open-ILS/src/templates/opac/parts/record/contents.tt2
Open-ILS/src/templates/opac/parts/record/copy_counts.tt2