LP1757526 Escape displayed catalogue data
author Dan Scott <dscott@laurentian.ca>
Wed, 21 Mar 2018 21:08:35 +0000 (22:08 +0100)
committer Galen Charlton <gmc@equinoxinitiative.org>
Wed, 28 Mar 2018 14:35:09 +0000 (10:35 -0400)
commit 9d7b19f77d0ba1c2d898f0e73b3d8fa82331950f
tree 7dbd9867fbbbe66f8089800e75cbc8a26f88f6b2
parent 373cce64eafebd4b90bf040cf91f5b464540c057
LP1757526 Escape displayed catalogue data

Content in content fields (5xx) as well as for the names of locations in copy
count alt text was not being properly escaped, allowing for the possibility of
executing arbitrary JavaScript in the case of a malicious catalogue record
(whether edited in the system, or imported)

Signed-off-by: Dan Scott <dscott@laurentian.ca>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/templates/opac/parts/record/contents.tt2
Open-ILS/src/templates/opac/parts/record/copy_counts.tt2
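The commit message describes two output sinks, a 5xx note rendered as text and a location name placed in an image alt attribute, that received catalogue data without escaping. The script below is an added example, not the project's own templates or the diff of this commit: it renders two hypothetical Template Toolkit fragments over constructed record data, once with raw interpolation and once with TT's built-in `html` filter (the filter the .tt2 files use for escaping). The template text, variable names and sample values are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not the project's own code): raw interpolation versus the
# Template Toolkit "html" filter when catalogue data reaches an HTML page.
use strict;
use warnings;
use Template;

# Constructed sample record data. Both values carry markup of the kind a
# malicious or badly imported record could contain: a 5xx note with a tag,
# and a location name that tries to close the surrounding attribute quote.
my $vars = {
    note     => 'Includes index. <b>bold</b> & more',
    location => 'Stacks" data-x="',
    count    => 3,
};

# Hypothetical fragments modelled on the two sinks named in the commit message.
# Without the filter, whatever is in the record is emitted verbatim.
my $unsafe = <<'TT';
<li>[% note %]</li>
<img src="copies.png" alt="[% count %] copies at [% location %]">
TT

# With the html filter, &, <, > and " are replaced by entities, so the note
# renders as text and the location name cannot leave the alt attribute.
my $safe = <<'TT';
<li>[% note | html %]</li>
<img src="copies.png" alt="[% count | html %] copies at [% location | html %]">
TT

# Render a template string with the constructed variables and return the HTML.
sub render {
    my ($template) = @_;
    my $tt  = Template->new();
    my $out = '';
    $tt->process(\$template, $vars, \$out) or die $tt->error;
    return $out;
}

print "--- raw interpolation (record markup reaches the browser) ---\n";
print render($unsafe);
print "--- html filter applied (markup shown as text) ---\n";
print render($safe);
```

Run it with `perl escape_demo.pl` on a machine that has the Template Toolkit module installed (it is already a dependency of Evergreen). In the filtered output the note appears as `&lt;b&gt;bold&lt;/b&gt; &amp; more` and the alt attribute stays a single quoted string because the embedded `"` becomes `&quot;`. When reviewing templates for the same class of problem, the check is simply whether every `[% ... %]` that emits record-derived data, including values placed inside attributes, carries the `html` filter or an equivalent.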